6.3

CVE-2024-39532

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.

When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.
This issue affects:

Junos OS:



  *  All versions before 21.2R3-S9;
  *  

21.4 versions before 21.4R3-S9;

  *  22.2 versions before 22.2R2-S1, 22.2R3;
  *  22.3 versions before 22.3R1-S1, 22.3R2;




Junos OS Evolved:



  *  All versions before before 22.1R3-EVO;
  *  22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;
  *  22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version < 21.2R3-S9
Version 0
Status affected
Version < 21.4R3-S9
Version 21.4
Status affected
Version < 22.2R2-S1, 22.2R3
Version 22.2
Status affected
Version < 22.3R1-S1, 22.3R2
Version 22.3
Status affected
HerstellerJuniper Networks
Produkt Junos OS Evolved
Default Statusunaffected
Version < 22.1R3-EVO
Version 0
Status affected
Version < 22.2R2-S1-EVO, 22.2R3-EVO
Version 22.2-EVO
Status affected
Version < 22.3R1-S1-EVO, 22.3R2-EVO
Version 22.3-EVO
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.085
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 6.3 1.1 4.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.