CVE-2024-39512

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA82977	Vendor Advisory
https://supportportal.juniper.net/JSA82977	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos_os_evolved:23.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2::::::

History

07 Feb 2025, 19:36

Type	Values Removed	Values Added
First Time		Juniper junos Os Evolved Juniper
CWE		NVD-CWE-Other
References	~~() https://supportportal.juniper.net/JSA82977 -~~	() https://supportportal.juniper.net/JSA82977 - Vendor Advisory
CPE		cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::

21 Nov 2024, 09:27

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA82977 -~~	() https://supportportal.juniper.net/JSA82977 -

11 Jul 2024, 13:05

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de control de acceso físico inadecuado en el control del puerto de consola de Juniper Networks Junos OS Evolved permite que un atacante con acceso físico al dispositivo obtenga acceso a una cuenta de usuario. Cuando se desconecta el cable de la consola, el usuario que inició sesión no cierra la sesión. Esto permite que un atacante malintencionado con acceso físico a la consola reanude una sesión anterior y posiblemente obtenga privilegios administrativos. Este problema afecta a Junos OS Evolved: * desde 23.2R2-EVO antes de 23.2R2-S1-EVO, * desde 23.4R1-EVO antes de 23.4R2-EVO.

10 Jul 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-10 23:15

Updated : 2025-02-07 19:36

NVD link : CVE-2024-39512

Mitre link : CVE-2024-39512

CVE.ORG link : CVE-2024-39512

JSON object : View

Products Affected

juniper

junos_os_evolved

CWE

CWE-1263

Improper Physical Access Control

NVD-CWE-Other

6.6 /10