Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39512

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.

Published

2024-07-10T23:15:10.393

Last Modified

2025-02-07T19:36:39.607

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1263
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos_os_evolved	23.2	Yes
Operating System	juniper	junos_os_evolved	23.4	Yes
Operating System	juniper	junos_os_evolved	23.4	Yes
Operating System	juniper	junos_os_evolved	23.4	Yes

References

https://supportportal.juniper.net/JSA82977 Vendor Advisory ([email protected])
https://supportportal.juniper.net/JSA82977 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)