8.4

CVE-2024-47495

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.

This issue affects:
Juniper Networks Junos OS Evolved with dual-REs:
  *  All versions before 21.2R3-S8-EVO,
  *  from 21.4-EVO before 21.4R3-S8-EVO,
  *  from 22.2-EVO before 22.2R3-S4-EVO,
  *  from 22.3-EVO before 22.3R3-S4-EVO,
  *  from 22.4-EVO before 22.4R3-S3-EVO,
  *  from 23.2-EVO before 23.2R2-S1-EVO,
  *  from 23.4-EVO before 23.4R2-S1-EVO.



This issue does not affect Juniper Networks Junos OS.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorjuniper
Product junos_evolved
Default Statusunaffected
Version < 21.2r3-s8-evo
Version 0
Status affected
Version < 21.4r3-s8-evo
Version 21.4
Status affected
Version < 22.2r3-s4-evo
Version 22.2
Status affected
Version < 22.3r3-s4-evo
Version 22.3
Status affected
Version < 22.4r3-s3-evo
Version 22.4
Status affected
Version < 23.2r2-s1-evo
Version 23.2
Status affected
Version < 23.4r2-s1-evo
Version 23.4
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.069
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
sirt@juniper.net 8.4 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Green
sirt@juniper.net 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.