Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-21615
HistoryApr 12, 2024 - 3:15 p.m.

CVE-2024-21615

2024-04-1215:15:24
CWE-276
[email protected]
web.nvd.nist.gov
44
juniper networks
junos os
junos os evolved
incorrect default permissions
vulnerability
local attacker
access
confidential information
netconf
traceoptions config
super-user
sensitive information
confidentiality

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.

On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.
This issue affects:

Junos OS:

  • all versions before 21.2R3-S7,

  • from 21.4 before 21.4R3-S5,

  • from 22.1 before 22.1R3-S5,

  • from 22.2 before 22.2R3-S3,

  • from 22.3 before 22.3R3-S2,

  • from 22.4 before 22.4R3,

  • from 23.2 before 23.2R1-S2.

Junos OS Evolved:

  • all versions before 21.2R3-S7-EVO,

  • from 21.3 before 21.3R3-S5-EVO,

  • from 21.4 before 21.4R3-S5-EVO,

  • from 22.1 before 22.1R3-S5-EVO,

  • from 22.2 before 22.2R3-S3-EVO,

  • from 22.3 before 22.3R3-S2-EVO,

  • from 22.4 before 22.4R3-EVO,

  • from 23.2 before 23.2R1-S2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S5",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S2",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S7-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5-EVO",
        "status": "affected",
        "version": "21.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S5-EVO",
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S2-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
cvelist
cvelist
CVE-2024-21615 Junos OS and Junos OS Evolved: A low-privileged user can access confidential information
2024-04-12 14:55:36
nvd
nvd
CVE-2024-21615
2024-04-12 15:15:24

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2024-21615
cvelist1nvd1