{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39532", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.241Z", "datePublished": "2024-07-11T16:06:40.305Z", "dateUpdated": "2024-08-02T04:26:15.806Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.1R2-S2", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.1R3-S5", "status": "affected", "version": "22.1R3", "versionType": "semver"}, {"lessThan": "22.2R2-S1, 22.2R3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R1-S2, 22.3R2", "status": "affected", "version": "22.3", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.1R3-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R1-S1-EVO, 22.3R2-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}]}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An&nbsp;Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.<br><br>When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.<br><p>This issue affects:</p><p>Junos OS:</p><p></p><ul><li>All versions before 22.1R2-S2,</li><li>22.1R3 and later versions,</li><li>22.2 versions before 22.2R2-S1, 22.2R3,</li><li>22.3 versions before 22.3R1-S2, 22.3R2<span style=\"background-color: var(--wht);\">;</span></li></ul><p></p><p>Junos OS Evolved:</p><p></p><ul><li>All versions before before 22.1R3-EVO,</li><li>22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,</li><li>22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.</li></ul><p></p>"}], "value": "An\u00a0Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.1R2-S2,\n * 22.1R3 and later versions,\n * 22.2 versions before 22.2R2-S1, 22.2R3,\n * 22.3 versions before 22.3R1-S2, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO,\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO."}], "exploits": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.2, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:06:40.305Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA82992"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 22.1R2-S2, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.<br>Junos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.<br>"}], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.1R2-S2, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\nJunos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA82992", "defect": ["1645119"], "discovery": "INTERNAL"}, "title": "Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T18:58:58.168706Z", "id": "CVE-2024-39532", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:59:06.023Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.806Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA82992"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39532", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T18:58:58.168706Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:59:02.721Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user", "source": {"defect": ["1645119"], "advisory": "JSA82992", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "22.1R2-S2", "versionType": "semver"}, {"status": "affected", "version": "22.1R3", "lessThan": "22.1R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R2-S1, 22.2R3", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R1-S2, 22.3R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "22.1R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R2-S1-EVO, 22.2R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R1-S1-EVO, 22.3R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "eng", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "eng", "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.1R2-S2, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\nJunos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 22.1R2-S2, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.<br>Junos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.<br>", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA82992", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An\u00a0Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.1R2-S2,\n * 22.1R3 and later versions,\n * 22.2 versions before 22.2R2-S1, 22.2R3,\n * 22.3 versions before 22.3R1-S2, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO,\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "An&nbsp;Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.<br><br>When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.<br><p>This issue affects:</p><p>Junos OS:</p><p></p><ul><li>All versions before 22.1R2-S2,</li><li>22.1R3 and later versions,</li><li>22.2 versions before 22.2R2-S1, 22.2R3,</li><li>22.3 versions before 22.3R1-S2, 22.3R2<span style=\"background-color: var(--wht);\">;</span></li></ul><p></p><p>Junos OS Evolved:</p><p></p><ul><li>All versions before before 22.1R3-EVO,</li><li>22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,</li><li>22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:06:40.305Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39532", "state": "PUBLISHED", "dateUpdated": "2024-07-11T18:59:06.023Z", "dateReserved": "2024-06-25T15:12:53.241Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:06:40.305Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An\u00a0Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.1R2-S2,\n * 22.1R3 and later versions,\n * 22.2 versions before 22.2R2-S1, 22.2R3,\n * 22.3 versions before 22.3R1-S2, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO,\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local autenticado con altos privilegios acceda a informaci\u00f3n confidencial. Cuando otro usuario realiza una operaci\u00f3n espec\u00edfica, la informaci\u00f3n confidencial se almacena como texto sin formato en un archivo de registro espec\u00edfico, de modo que un atacante con altos privilegios tenga acceso a esta informaci\u00f3n. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 22.1R2-S2, * 22.1R3 y versiones posteriores, * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3, * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2; Junos OS Evolved: * Todas las versiones anteriores a 22.1R3-EVO, * Versiones 22.2-EVO anteriores a 22.2R2-S1-EVO, 22.2R3-EVO, * Versiones 22.3-EVO anteriores a 22.3R1-S1-EVO, 22.3R2-EVO."}], "id": "CVE-2024-39532", "lastModified": "2024-07-11T18:09:58.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.7, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T17:15:10.403", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA82992"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}