1. Home
  2. CVE Database
  3. CVE-2024-39546
HIGH · 7.3

CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain f...

Vulnerability Description

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.  This issue affects Junos OS Evolved:  * All versions prior to 21.2R3-S8-EVO,  * 21.4 versions prior to  21.4R3-S6-EVO,  * 22.1 versions prior to 22.1R3-S5-EVO,  * 22.2 versions prior to 22.2R3-S3-EVO,  * 22.3 versions prior to 22.3R3-S3-EVO,  * 22.4 versions prior to 22.4R3-EVO,  * 23.2 versions prior to 23.2R2-EVO.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos Os Evolved18.3

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2024-39546?

CVE-2024-39546 is a vulnerability with a CVSS score of 7.3 (HIGH). A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain f...

How severe is CVE-2024-39546?

CVE-2024-39546 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39546?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved.