CVE-2024-47495
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
11/10/2024
Last modified:
15/10/2024
Description
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.<br />
<br />
This issue affects:<br />
Juniper Networks Junos OS Evolved with dual-REs:<br />
* All versions before 21.2R3-S8-EVO,<br />
* from 21.4-EVO before 21.4R3-S8-EVO,<br />
* from 22.2-EVO before 22.2R3-S4-EVO,<br />
* from 22.3-EVO before 22.3R3-S4-EVO,<br />
* from 22.4-EVO before 22.4R3-S3-EVO,<br />
* from 23.2-EVO before 23.2R2-S1-EVO,<br />
* from 23.4-EVO before 23.4R2-S1-EVO.<br />
<br />
<br />
<br />
This issue does not affect Juniper Networks Junos OS.
Impact
Base Score 4.0
8.40
Severity 4.0
HIGH
Base Score 3.x
6.70
Severity 3.x
MEDIUM