CVE-2024-39521

HIGH

Juniper Junos OS Evolved < 21.2 - OS Command Injection

Title source: rule
STIX 2.1

Description

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved:  * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,  * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO,  * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA82975

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 38.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (5)
juniper/junos_os_evolved 21.2 (15 CPE variants)
juniper/junos_os_evolved 21.4 (15 CPE variants)
juniper/junos_os_evolved 22.2 (5 CPE variants)
juniper/junos_os_evolved 22.3 (4 CPE variants)
juniper/junos_os_evolved 21.1 - 21.2
Published Jul 11, 2024
Tracked Since Feb 18, 2026