CVE-2024-39565 – Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.

https://notcve.org/view.php?id=CVE-2024-39565

10 Jul 2024 — An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker wil... • https://support.juniper.net/support/downloads/?p=283 • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') •