CVE-2024-39522
📋 TL;DR
This vulnerability allows local authenticated users with low privileges on Juniper Junos OS Evolved to escalate to root privileges by executing specific CLI commands with crafted parameters. It affects Junos OS Evolved 22.3-EVO versions before 22.3R2-EVO and 22.4-EVO versions before 22.4R1-S1-EVO and 22.4R2-EVO.
💻 Affected Systems
- Juniper Networks Junos OS Evolved
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root access, allowing complete control over the device, data exfiltration, persistence, and lateral movement.
Likely Case
Privilege escalation from low-privilege authenticated user to root, enabling unauthorized configuration changes, service disruption, and credential harvesting.
If Mitigated
Limited impact if proper access controls restrict low-privilege user access and command execution.
🎯 Exploit Status
Exploitation details are not publicly disclosed; requires local authenticated access with low privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.3R2-EVO, 22.4R1-S1-EVO, or 22.4R2-EVO
Vendor Advisory: https://supportportal.juniper.net/JSA82975
Restart Required: Yes
Instructions:
1. Download the patched version from Juniper support. 2. Backup configuration. 3. Install the update via CLI or management interface. 4. Reboot the device as required.
🔧 Temporary Workarounds
Restrict CLI Access
allLimit CLI access to low-privilege users by modifying user permissions or disabling unnecessary accounts.
set system login user <username> class <restricted-class>
delete system login user <username>
🧯 If You Can't Patch
- Implement strict access controls to limit CLI access to trusted users only.
- Monitor and audit CLI command execution for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check Junos OS Evolved version using 'show version' and compare to affected versions.Check Version:
show versionVerify Fix Applied:
After patching, verify version is 22.3R2-EVO or later, or 22.4R1-S1-EVO/22.4R2-EVO or later.📡 Detection & Monitoring
Log Indicators:
- Unusual CLI command executions by low-privilege users
- Privilege escalation attempts in system logs
Network Indicators:
- N/A - Local exploitation only
SIEM Query:
Search for CLI command logs from low-privilege users containing crafted parameters or privilege changes.