// For flags

CVE-2024-39512

Junos OS Evolved: User is not logged out when the console cable is disconnected

Severity Score

7.0
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.

When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.

This issue affects Junos OS Evolved:
* from 23.2R2-EVO before 23.2R2-S1-EVO, 
* from 23.4R1-EVO before 23.4R2-EVO.

Una vulnerabilidad de control de acceso físico inadecuado en el control del puerto de consola de Juniper Networks Junos OS Evolved permite que un atacante con acceso físico al dispositivo obtenga acceso a una cuenta de usuario. Cuando se desconecta el cable de la consola, el usuario que inició sesión no cierra la sesión. Esto permite que un atacante malintencionado con acceso físico a la consola reanude una sesión anterior y posiblemente obtenga privilegios administrativos. Este problema afecta a Junos OS Evolved: * desde 23.2R2-EVO antes de 23.2R2-S1-EVO, * desde 23.4R1-EVO antes de 23.4R2-EVO.

*Credits: N/A
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Passive
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-10 CVE Published
  • 2024-07-11 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-1263: Improper Physical Access Control
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://supportportal.juniper.net/JSA82977 2024-07-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 23.2R2-EVO < 23.2R2-S1-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2R2-EVO < 23.2R2-S1-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 23.4R1-EVO < 23.4R2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4R1-EVO < 23.4R2-EVO"
en
Affected