Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-39532

Severity CVSS v4.0:
Pending analysis
Type:
CWE-532 Information Exposure Through Log Files
Publication date:
11/07/2024
Last modified:
22/01/2026

Description

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.<br /> <br /> When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.<br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions before 21.2R3-S9;<br /> * <br /> <br /> 21.4 versions before 21.4R3-S9;<br /> <br /> * 22.2 versions before 22.2R2-S1, 22.2R3;<br /> * 22.3 versions before 22.3R1-S1, 22.3R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions before before 22.1R3-EVO;<br /> * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;<br /> * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 6.30 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): High
Integrity (I): Low
Availability (A): None

Base Score 3.x
6.30
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:juniper:junos:*:-:*:*:*:*:*:* 21.2 (excluding)
cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools