Main Vulnerability Database Vulnerabilities #VU98390

#VU98390 Improper access control in Juniper Junos OS - CVE-2024-39527

Published: October 11, 2024

Vulnerability identifier: #VU98390

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-39527

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the command-line interface. A local user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527

#VU98390 Improper access control in Juniper Junos OS - CVE-2024-39527

Description

Remediation

External links

Please verify you're human