CVE-2024-47495

EPSS 0.01%
Veröffentlicht 11.10.2024 16:15:09
Zuletzt bearbeitet 26.01.2026 18:19:19
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device.

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.

This issue affects:
Juniper Networks Junos OS Evolved with dual-REs:
  *  All versions before 21.2R3-S8-EVO,
  *  from 21.4-EVO before 21.4R3-S8-EVO,
  *  from 22.2-EVO before 22.2R3-S4-EVO,
  *  from 22.3-EVO before 22.3R3-S4-EVO,
  *  from 22.4-EVO before 22.4R3-S3-EVO,
  *  from 23.2-EVO before 23.2R2-S1-EVO,
  *  from 23.4-EVO before 23.4R2-S1-EVO.



This issue does not affect Juniper Networks Junos OS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 73 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 21.2

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s5

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s6

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s7

Juniper ≫ Junos Os Evolved Version21.4 Update-

Juniper ≫ Junos Os Evolved Version21.4 Updater1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater2

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater3

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s5

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s6

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s7

Juniper ≫ Junos Os Evolved Version22.2 Update-

Juniper ≫ Junos Os Evolved Version22.2 Updater1

Juniper ≫ Junos Os Evolved Version22.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.2 Updater2

Juniper ≫ Junos Os Evolved Version22.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version22.2 Updater3

Juniper ≫ Junos Os Evolved Version22.2 Updater3-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater3-s2

Juniper ≫ Junos Os Evolved Version22.2 Updater3-s3

Juniper ≫ Junos Os Evolved Version22.3 Update-

Juniper ≫ Junos Os Evolved Version22.3 Updater1

Juniper ≫ Junos Os Evolved Version22.3 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.3 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.3 Updater2

Juniper ≫ Junos Os Evolved Version22.3 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.3 Updater2-s2

Juniper ≫ Junos Os Evolved Version22.3 Updater3

Juniper ≫ Junos Os Evolved Version22.3 Updater3-s1

Juniper ≫ Junos Os Evolved Version22.3 Updater3-s2

Juniper ≫ Junos Os Evolved Version22.3 Updater3-s3

Juniper ≫ Junos Os Evolved Version22.4 Update-

Juniper ≫ Junos Os Evolved Version22.4 Updater1

Juniper ≫ Junos Os Evolved Version22.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.4 Updater2

Juniper ≫ Junos Os Evolved Version22.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version22.4 Updater3

Juniper ≫ Junos Os Evolved Version22.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version22.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version23.2 Update-

Juniper ≫ Junos Os Evolved Version23.2 Updater1

Juniper ≫ Junos Os Evolved Version23.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version23.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version23.2 Updater2

Juniper ≫ Junos Os Evolved Version23.4 Update-

Juniper ≫ Junos Os Evolved Version23.4 Updater1

Juniper ≫ Junos Os Evolved Version23.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version23.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version23.4 Updater2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Green
sirt@juniper.net	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://kb.juniper.net/JSA88122

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47495

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47495