CVE-2024-39532

{"id": "CVE-2024-39532", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.1}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 4.2, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-11T17:15:10.403", "references": [{"url": "https://supportportal.juniper.net/JSA82992", "source": "sirt@juniper.net"}, {"url": "https://supportportal.juniper.net/JSA82992", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.1R2-S2,\n * 22.1R3 and later versions,\n * 22.2 versions before 22.2R2-S1, 22.2R3,\n * 22.3 versions before 22.3R1-S2, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO,\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local autenticado con altos privilegios acceda a informaci\u00f3n confidencial. Cuando otro usuario realiza una operaci\u00f3n espec\u00edfica, la informaci\u00f3n confidencial se almacena como texto sin formato en un archivo de registro espec\u00edfico, de modo que un atacante con altos privilegios tenga acceso a esta informaci\u00f3n. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 22.1R2-S2, * 22.1R3 y versiones posteriores, * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3, * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2; Junos OS Evolved: * Todas las versiones anteriores a 22.1R3-EVO, * Versiones 22.2-EVO anteriores a 22.2R2-S1-EVO, 22.2R3-EVO, * Versiones 22.3-EVO anteriores a 22.3R1-S1-EVO, 22.3R2-EVO."}], "lastModified": "2024-11-21T09:27:56.860", "sourceIdentifier": "sirt@juniper.net"}