CVE-2024-39544

EPSS 0.02%
Published 11.10.2024 16:15:07
Last modified 15.10.2024 12:58:51
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.



On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows 

a low-privileged user can access sensitive information compromising the confidentiality of the system.



Junos OS Evolved: 




  *  All versions before 20.4R3-S9-EVO, 
  *  21.2-EVO before 21.2R3-S7-EVO, 
  *  21.4-EVO before 21.4R3-S5-EVO, 
  *  22.1-EVO before 22.1R3-S5-EVO, 
  *  22.2-EVO before 22.2R3-S3-EVO, 
  *  22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, 
  *  22.4-EVO before 22.4R3-EVO, 
  *  23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorJuniper Networks

≫

Product Junos OS Evolved

Default Statusunaffected

Version < 20.4R3-S9-EVO

Version 0

Status affected

Version < 21.2R3-S7-EVO

Version 21.2-EVO

Status affected

Version < 21.4R3-S5-EVO

Version 21.4-EVO

Status affected

Version < 22.1R3-S5-EVO

Version 22.1-EVO

Status affected

Version < 22.2R3-S3-EVO

Version 22.2-EVO

Status affected

Version < 22.3R3-S2-EVO

Version 22.3-EVO

Status affected

Version < 22.4R3-EVO

Version 22.4-EVO

Status affected

Version < 23.2R1-S2-EVO, 23.2R2-EVO

Version 23.2-EVO

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	5	1.3	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
sirt@juniper.net	5.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://supportportal.juniper.net/JSA88106

https://nvd.nist.gov/vuln/detail/CVE-2024-39544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39544

EUVD