Privilege escalation in Junos OS Evolved
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-39512 |
| CWE-ID | CWE-1263 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Junos OS Evolved Operating systems & Components / Operating system |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper physical access control
EUVDB-ID: #VU94349
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-39512
CWE-ID:
CWE-1263 - Improper Physical Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper physical access control error in the console port control. A local non-authenticated attacker can the device to get access to a user account.
When the console cable is disconnected, the logged in user is not logged out.
This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsJunos OS Evolved: 23.2R1-EVO - 23.2R2-EVO
CPE2.3- cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-S1-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-S2-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R2-EVO:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
