6.8

CVE-2025-52963

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service.

Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface.
This issue affects Junos OS: 


  *  All versions before 21.2R3-S9, 
  *  from 21.4 before 21.4R3-S11, 
  *  from 22.2 before 22.2R3-S7,
  *  from 22.4 before 22.4R3-S7, 
  *  from 23.2 before 23.2R2-S4,
  *  from 23.4 before 23.4R2-S5,  
  *  from 24.2 before 24.2R2-S1, 
  *  from 24.4 before 24.4R1-S3, 24.4R2.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version < 21.2R3-S9
Version 0
Status affected
Version < 21.4R3-S11
Version 21.4
Status affected
Version < 22.2R3-S7
Version 22.2
Status affected
Version < 22.4R3-S7
Version 22.4
Status affected
Version < 23.2R2-S4
Version 23.2
Status affected
Version < 23.4R2-S5
Version 23.4
Status affected
Version < 24.2R2-S1
Version 24.2
Status affected
Version < 24.4R1-S3, 24.4R2
Version 24.4
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.018
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net 6.8 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.