Описание
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.
When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects:
Junos OS:
- all versions before 21.2R3-S9,
- 21.4 versions before 21.4R3-S8,
- 22.2 versions before 22.2R3-S6,
- 22.3 versions before 22.3R3-S3,
- 22.4 versions before 22.4R3-S6,
- 23.2 versions before 23.2R2-S1,
- 23.4 versions before 23.4R1-S2, 23.4R2;
Junos OS Evolved:
- all versions before 22.4R3-S6-EVO,
- 23.2-EVO versions before 23.2R2-S1-EVO,
- 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.
EPSS
6.7 Medium
CVSS3
Дефекты
Связанные уязвимости
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.
Уязвимость интерфейса командной строки (CLI) операционных систем Juniper Networks Junos OS и Junos OS Evolved, позволяющая нарушителю повысить свои привилегии
EPSS
6.7 Medium
CVSS3