CVE-2024-47495

Oct. 15, 2024, 12:58 p.m.

CVSS Score

6.7 / 10

Product(s) Impacted

Juniper Networks Junos OS Evolved

  • All versions before 21.2R3-S8-EVO
  • from 21.4-EVO before 21.4R3-S8-EVO
  • from 22.2-EVO before 22.2R3-S4-EVO
  • from 22.3-EVO before 22.3R3-S4-EVO
  • from 22.4-EVO before 22.4R3-S3-EVO
  • from 23.2-EVO before 23.2R2-S1-EVO
  • from 23.4-EVO before 23.4R2-S1-EVO

Description

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.

This issue affects Juniper Networks Junos OS Evolved with dual-REs:

  • All versions before 21.2R3-S8-EVO
  • from 21.4-EVO before 21.4R3-S8-EVO
  • from 22.2-EVO before 22.2R3-S4-EVO
  • from 22.3-EVO before 22.3R3-S4-EVO
  • from 22.4-EVO before 22.4R3-S3-EVO
  • from 23.2-EVO before 23.2R2-S1-EVO
  • from 23.4-EVO before 23.4R2-S1-EVO

This issue does not affect Juniper Networks Junos OS.

Weaknesses

CWE-639
Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CWE ID: 639

Date

Published: Oct. 11, 2024, 4:15 p.m.

Last Modified: Oct. 15, 2024, 12:58 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

sirt@juniper.net

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.7

Exploitability Score

0.8

Impact Score

5.9

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

https://kb.juniper.net/ sirt@juniper.net