CVE-2024-39546
Severity: HIGH
Juniper Junos OS Evolved Privilege Escalation via Socket Intercept Command File Interface
Title source: llm
Description
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges, leading to privilege escalation and ultimately compromising the system.
This issue affects Junos OS Evolved:
* All versions prior to 21.2R3-S8-EVO,
* 21.4 versions prior to 21.4R3-S6-EVO,
* 22.1 versions prior to 22.1R3-S5-EVO,
* 22.2 versions prior to 22.2R3-S3-EVO,
* 22.3 versions prior to 22.3R3-S3-EVO,
* 22.4 versions prior to 22.4R3-EVO,
* 23.2 versions prior to 23.2R2-EVO.
References (1)
Core References
Vendor Advisory: https://supportportal.juniper.net/JSA83008
Scores
CVSS v3: 7.3
EPSS: 0.0008
EPSS Percentile: 23.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-862
Status: published
Products (9)
juniper/junos_os_evolved 18.3 r1
juniper/junos_os_evolved 19.1 r1 (2 CPE variants)
juniper/junos_os_evolved 19.2 r1 (2 CPE variants)
juniper/junos_os_evolved 19.3 r1 (2 CPE variants)
juniper/junos_os_evolved 19.4 r1 (5 CPE variants)
juniper/junos_os_evolved 20.1 (10 CPE variants)
juniper/junos_os_evolved 20.2 (6 CPE variants)
juniper/junos_os_evolved 20.3 (6 CPE variants)
juniper/junos_os_evolved 20.4 (16 CPE variants)
Published: Jul 11, 2024
Tracked Since: Feb 18, 2026