Main Vulnerability Database Vulnerabilities #VU98390

Improper access control in Juniper Junos OS - CVE-2024-39527

Published: October 11, 2024

Vulnerability identifier: #VU98390

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-39527

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the command-line interface. A local user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.

How to mitigate CVE-2024-39527

Install updates from vendor's website.

Sources

https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527

Improper access control in Juniper Junos OS - CVE-2024-39527

Detailed vulnerability description

How to mitigate CVE-2024-39527

Sources

Please verify you're human