CVE-2023-28983

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.

Published: Apr 18, 2023
Updated: Apr 18, 2023
CVE: CVE-2023-28983
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
juniper / junos_os_evolved	21.4-r1	21.4-r1.x
juniper / junos_os_evolved	21.4-r1-s1	21.4-r1-s1.x
juniper / junos_os_evolved	21.4	21.4.x
juniper / junos_os_evolved	21.4-r2	21.4-r2.x
juniper / junos_os_evolved	21.4-r2-s1	21.4-r2-s1.x
juniper / junos_os_evolved	21.4-r2-s2	21.4-r2-s2.x
juniper / junos_os_evolved	21.4-r1-s2	21.4-r1-s2.x
juniper / junos_os_evolved	21.4-r3	21.4-r3.x
juniper / junos_os_evolved	21.4-r3-s1	21.4-r3-s1.x
juniper / junos_os_evolved	21.4-r3-s2	21.4-r3-s2.x
juniper / junos_os_evolved	21.4-r3-s3	21.4-r3-s3.x

https://supportportal.juniper.net/JSA70609

Vulnerability Database

290,020

CVE-2023-28983