CVE-2024-39565 - Vulnerability Details

Vendors	Products
Juniper	Junos Os

Source	ID	Title
EUVD	EUVD-2024-38090	An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.

Link	Providers
https://support.juniper.net/support/downloads/?p=283
https://supportportal.juniper.net/JSA83023
https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39565", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.249Z", "datePublished": "2024-07-10T22:55:27.516Z", "dateUpdated": "2024-08-02T04:26:15.990Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks, Inc.", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S7", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.2R3-S4", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R1-S1, 23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following minimal configuration must be present on the device: [system services web-management http] or [system services web-management https] "}], "value": "The following minimal configuration must be present on the device:\n\n[system services web-management http]\nor\n[system services web-management https]"}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank CataLpa of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: <ul><li>All versions before 21.2R3-S8, </li><li>from 21.4 before 21.4R3-S7,</li><li>from 22.2 before 22.2R3-S4,</li><li>from 22.3 before 22.3R3-S3,</li><li>from 22.4 before 22.4R3-S2,</li><li>from 23.2 before 23.2R2,</li><li>from 23.4 before 23.4R1-S1, 23.4R2.</li></ul>"}], "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-643", "description": "CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-10T22:55:27.516Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA83023"}, {"tags": ["related"], "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"}, {"tags": ["signature"], "url": "https://support.juniper.net/support/downloads/?p=283"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."}], "source": {"advisory": "JSA83023", "defect": ["1786296"], "discovery": "EXTERNAL"}, "title": "Junos OS: J-Web: An unauthenticated, network-based attacker can\u00a0perform XPATH injection attack against a device.", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue other than disabling J-Web when not in use. Juniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used."}], "value": "There are no known workarounds for this issue other than disabling J-Web when not in use. \n\nJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\u2022 Restricting the use of J-Web to low-privileged accounts onlyIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."}], "value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\n\n\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\n\n\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\n\n\u2022 Restricting the use of J-Web to low-privileged accounts only\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "21.2r3-s8", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:23.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "23.4", "status": "affected", "lessThan": "23.4r1-s1", "versionType": "custom"}, {"version": "23.4", "status": "affected", "lessThan": "23.4r2", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:21.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "21.4", "status": "affected", "lessThan": "21.4r3-s7", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:22.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "22.2", "status": "affected", "lessThan": "22.2r3-s4", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:22.3:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "22.3", "status": "affected", "lessThan": "22.3r3-s3", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:22.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "22.4", "status": "affected", "lessThan": "22.4r3-s2", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:a:juniper:junos_os:23.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "23.2", "status": "affected", "lessThan": "23.2r2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-39565"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-13T03:55:19.056Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.990Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA83023"}, {"tags": ["related", "x_transferred"], "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"}, {"tags": ["signature", "x_transferred"], "url": "https://support.juniper.net/support/downloads/?p=283"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39565", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-11T15:15:50.682330Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:juniper:junos_os:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2r3-s8", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:23.4:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "23.4", "lessThan": "23.4r1-s1", "versionType": "custom"}, {"status": "affected", "version": "23.4", "lessThan": "23.4r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:21.4:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "21.4", "lessThan": "21.4r3-s7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:22.2:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "22.2", "lessThan": "22.2r3-s4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:22.3:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "22.3", "lessThan": "22.3r3-s3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:22.4:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "22.4", "lessThan": "22.4r3-s2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:juniper:junos_os:23.2:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "23.2", "lessThan": "23.2r2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T15:34:33.461Z"}}], "cna": {"title": "Junos OS: J-Web: An unauthenticated, network-based attacker can\u00a0perform XPATH injection attack against a device.", "source": {"defect": ["1786296"], "advisory": "JSA83023", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank CataLpa of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks, Inc.", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S2", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R1-S1, 23.4R2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA83023", "tags": ["vendor-advisory"]}, {"url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber", "tags": ["related"]}, {"url": "https://support.juniper.net/support/downloads/?p=283", "tags": ["signature"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue other than disabling J-Web when not in use. \n\nJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue other than disabling J-Web when not in use. Juniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used.", "base64": false}]}, {"lang": "en", "value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\n\n\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\n\n\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\n\n\u2022 Restricting the use of J-Web to low-privileged accounts only\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.", "supportingMedia": [{"type": "text/html", "value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\u2022 Restricting the use of J-Web to low-privileged accounts onlyIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2.", "supportingMedia": [{"type": "text/html", "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: <ul><li>All versions before 21.2R3-S8, </li><li>from 21.4 before 21.4R3-S7,</li><li>from 22.2 before 22.2R3-S4,</li><li>from 22.3 before 22.3R3-S3,</li><li>from 22.4 before 22.4R3-S2,</li><li>from 23.2 before 23.2R2,</li><li>from 23.4 before 23.4R1-S1, 23.4R2.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-643", "description": "CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')"}]}], "configurations": [{"lang": "en", "value": "The following minimal configuration must be present on the device:\n\n[system services web-management http]\nor\n[system services web-management https]", "supportingMedia": [{"type": "text/html", "value": "The following minimal configuration must be present on the device: [system services web-management http] or [system services web-management https] ", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-10T22:55:27.516Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39565", "state": "PUBLISHED", "dateUpdated": "2024-07-13T03:55:19.056Z", "dateReserved": "2024-06-25T15:12:53.249Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-10T22:55:27.516Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n inadecuada de datos dentro de expresiones XPath ('inyecci\u00f3n XPath') en J-Web incluido con Juniper Networks Junos OS permite que un atacante basado en red no autenticado ejecute comandos remotos en el dispositivo objetivo. Mientras un administrador inicia sesi\u00f3n en una sesi\u00f3n de J-Web o ha iniciado sesi\u00f3n previamente y posteriormente ha cerrado sesi\u00f3n en su sesi\u00f3n de J-Web, el atacante puede ejecutar comandos arbitrariamente en el dispositivo de destino con las credenciales del otro usuario. En el peor de los casos, el atacante tendr\u00e1 control total sobre el dispositivo. Este problema afecta a Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 anterior a 21.4R3-S7, * desde 22.2 anterior a 22.2R3-S4, * desde 22.3 anterior a 22.3R3-S3, * desde 22.4 anterior a 22.4R3-S2 , * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R1-S1, 23.4R2."}], "id": "CVE-2024-39565", "lastModified": "2024-11-21T09:28:01.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-10T23:15:13.940", "references": [{"source": "sirt@juniper.net", "url": "https://support.juniper.net/support/downloads/?p=283"}, {"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA83023"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.juniper.net/support/downloads/?p=283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportportal.juniper.net/JSA83023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-643"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object