CVE-2024-39521

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.

The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.

This issue affects Junos OS Evolved:

21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,
21.4-EVO versions before 21.4R3-S7-EVO,
22.1-EVO versions before 22.1R3-S6-EVO,
22.2-EVO versions before 22.2R3-EVO,
22.3-EVO versions before 22.3R2-EVO.

Published: Jul 11, 2024
Updated: Jul 12, 2024
CVE: CVE-2024-39521
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
juniper / junos_os_evolved	21.2-r1	21.2-r1.x
juniper / junos_os_evolved	21.2-r1-s1	21.2-r1-s1.x
juniper / junos_os_evolved	21.2-r2	21.2-r2.x
juniper / junos_os_evolved	21.2	21.2.x
juniper / junos_os_evolved	21.2-r1-s2	21.2-r1-s2.x
juniper / junos_os_evolved	21.2-r2-s1	21.2-r2-s1.x
juniper / junos_os_evolved	21.4-r1	21.4-r1.x
juniper / junos_os_evolved	21.4-r1-s1	21.4-r1-s1.x
juniper / junos_os_evolved	21.2-r2-s2	21.2-r2-s2.x
juniper / junos_os_evolved	21.2-r3	21.2-r3.x
juniper / junos_os_evolved	21.4	21.4.x
juniper / junos_os_evolved	21.4-r2	21.4-r2.x
juniper / junos_os_evolved	21.4-r2-s1	21.4-r2-s1.x
juniper / junos_os_evolved	21.4-r2-s2	21.4-r2-s2.x
juniper / junos_os_evolved	21.4-r1-s2	21.4-r1-s2.x
juniper / junos_os_evolved	22.2-r1-s1	22.2-r1-s1.x
juniper / junos_os_evolved	22.2-r1	22.2-r1.x
juniper / junos_os_evolved	21.2-r3-s1	21.2-r3-s1.x
juniper / junos_os_evolved	22.3-r1	22.3-r1.x
juniper / junos_os_evolved	21.4-r3	21.4-r3.x
juniper / junos_os_evolved	22.2-r2	22.2-r2.x
juniper / junos_os_evolved	21.2-r3-s2	21.2-r3-s2.x
juniper / junos_os_evolved	21.2-r3-s3	21.2-r3-s3.x
juniper / junos_os_evolved	21.2-r3-s4	21.2-r3-s4.x
juniper / junos_os_evolved	21.4-r3-s1	21.4-r3-s1.x
juniper / junos_os_evolved	21.4-r3-s2	21.4-r3-s2.x
juniper / junos_os_evolved	21.4-r3-s3	21.4-r3-s3.x
juniper / junos_os_evolved	21.2-r3-s5	21.2-r3-s5.x
juniper / junos_os_evolved	22.2-r2-s2	22.2-r2-s2.x
juniper / junos_os_evolved	22.3-r1-s1	22.3-r1-s1.x
juniper / junos_os_evolved	22.3-r1-s2	22.3-r1-s2.x
juniper / junos_os_evolved	21.4-r3-s4	21.4-r3-s4.x
juniper / junos_os_evolved	22.3	22.3.x
juniper / junos_os_evolved	22.2	22.2.x
juniper / junos_os_evolved	21.2-r3-s6	21.2-r3-s6.x
juniper / junos_os_evolved	21.4-r3-s5	21.4-r3-s5.x
juniper / junos_os_evolved	21.4-r3-s7	21.4-r3-s7.x
juniper / junos_os_evolved	21.4-r3-s6	21.4-r3-s6.x
juniper / junos_os_evolved	21.2-r3-s7	21.2-r3-s7.x
juniper / junos_os_evolved	21.1	21.2

https://supportportal.juniper.net/JSA82975

Vulnerability Database

289,784

CVE-2024-39521