CVE-2024-39544

EPSS 0.02%
Veröffentlicht 11.10.2024 16:15:07
Zuletzt bearbeitet 15.10.2024 12:58:51
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.



On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows 

a low-privileged user can access sensitive information compromising the confidentiality of the system.



Junos OS Evolved: 




  *  All versions before 20.4R3-S9-EVO, 
  *  21.2-EVO before 21.2R3-S7-EVO, 
  *  21.4-EVO before 21.4R3-S5-EVO, 
  *  22.1-EVO before 22.1R3-S5-EVO, 
  *  22.2-EVO before 22.2R3-S3-EVO, 
  *  22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, 
  *  22.4-EVO before 22.4R3-EVO, 
  *  23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerJuniper Networks

≫

Produkt Junos OS Evolved

Default Statusunaffected

Version < 20.4R3-S9-EVO

Version 0

Status affected

Version < 21.2R3-S7-EVO

Version 21.2-EVO

Status affected

Version < 21.4R3-S5-EVO

Version 21.4-EVO

Status affected

Version < 22.1R3-S5-EVO

Version 22.1-EVO

Status affected

Version < 22.2R3-S3-EVO

Version 22.2-EVO

Status affected

Version < 22.3R3-S2-EVO

Version 22.3-EVO

Status affected

Version < 22.4R3-EVO

Version 22.4-EVO

Status affected

Version < 23.2R1-S2-EVO, 23.2R2-EVO

Version 23.2-EVO

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.045

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	5	1.3	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
sirt@juniper.net	5.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://supportportal.juniper.net/JSA88106

https://nvd.nist.gov/vuln/detail/CVE-2024-39544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39544

EUVD