CVE-2024-39546
CVSS V2 None
CVSS V3 None
Description
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.
This issue affects Junos OS Evolved:
* All versions prior to 21.2R3-S8-EVO,
* 21.4 versions prior to 21.4R3-S6-EVO,
* 22.1 versions prior to 22.1R3-S5-EVO,
* 22.2 versions prior to 22.2R3-S3-EVO,
* 22.3 versions prior to 22.3R3-S3-EVO,
* 22.4 versions prior to 22.4R3-EVO,
* 23.2 versions prior to 23.2R2-EVO.
Overview
- CVE ID
- CVE-2024-39546
- Assigner
- juniper
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-11T16:23:56.237Z
- Last Modified Date
- 2024-07-11T17:41:59.707Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://supportportal.juniper.net/JSA83008 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-39546 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39546 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-12 13:08:58 | Added to TrackCVE |