CVE-2024-47495

EPSS 0.03%
Veröffentlicht 11.10.2024 16:15:09
Zuletzt bearbeitet 15.10.2024 12:58:51
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.

This issue affects:
Juniper Networks Junos OS Evolved with dual-REs:
  *  All versions before 21.2R3-S8-EVO,
  *  from 21.4-EVO before 21.4R3-S8-EVO,
  *  from 22.2-EVO before 22.2R3-S4-EVO,
  *  from 22.3-EVO before 22.3R3-S4-EVO,
  *  from 22.4-EVO before 22.4R3-S3-EVO,
  *  from 23.2-EVO before 23.2R2-S1-EVO,
  *  from 23.4-EVO before 23.4R2-S1-EVO.



This issue does not affect Juniper Networks Junos OS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerjuniper

≫

Produkt junos_evolved

Default Statusunaffected

Version < 21.2r3-s8-evo

Version 0

Status affected

Version < 21.4r3-s8-evo

Version 21.4

Status affected

Version < 22.2r3-s4-evo

Version 22.2

Status affected

Version < 22.3r3-s4-evo

Version 22.3

Status affected

Version < 22.4r3-s3-evo

Version 22.4

Status affected

Version < 23.2r2-s1-evo

Version 23.2

Status affected

Version < 23.4r2-s1-evo

Version 23.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Green
sirt@juniper.net	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://kb.juniper.net/JSA88122

https://nvd.nist.gov/vuln/detail/CVE-2024-47495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47495

EUVD