An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All version before 20.4R3-S6-EVO,
* 21.2-EVO versions before 21.2R3-S4-EVO,
* 21.4-EVO versions before 21.4R3-S6-EVO,
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Juniper |
|
Configuration 1 [-]
|
No data.
References
| Link | Providers |
|---|---|
| https://supportportal.juniper.net/JSA82975 |
|
History
Mon, 23 Sep 2024 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2024-08-02T04:26:15.876Z
Reserved: 2024-06-25T15:12:53.239Z
Link: CVE-2024-39520
Vulnrichment
Updated: 2024-07-11T19:12:40.908Z
NVD
Status : Modified
Published: 2024-07-11T16:15:02.963
Modified: 2024-11-21T09:27:54.893
Link: CVE-2024-39520
Redhat
No data.