cve-2024-39565
Vulnerability from cvelistv5
Published
2024-07-10 22:55
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks, Inc. | Junos OS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:23.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.4r1-s1",
"status": "affected",
"version": "23.4",
"versionType": "custom"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:21.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:22.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os:23.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:19.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83023"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://support.juniper.net/support/downloads/?p=283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks, Inc.",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following minimal configuration must be present on the device:\u003cbr\u003e\u003cbr\u003e[system services web-management http]\u003cbr\u003eor\u003cbr\u003e[system services web-management https]\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following minimal configuration must be present on the device:\n\n[system services web-management http]\nor\n[system services web-management https]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank CataLpa of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u0026nbsp;execute\u0026nbsp;remote commands on the target device.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user\u0027s credentials. In the worst case, the attacker will have full control over the device.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user\u0027s credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-643",
"description": "CWE-643 Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:55:27.516Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83023"
},
{
"tags": [
"related"
],
"url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"
},
{
"tags": [
"signature"
],
"url": "https://support.juniper.net/support/downloads/?p=283"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83023",
"defect": [
"1786296"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: J-Web: An unauthenticated, network-based attacker can\u00a0perform XPATH injection attack against a device.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue other than disabling J-Web when not in use. \u003c/p\u003e\u003cp\u003eJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue other than disabling J-Web when not in use. \n\nJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMethods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\u003c/p\u003e\u003cp\u003e\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\u003c/p\u003e\u003cp\u003e\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\u003c/p\u003e\u003cp\u003e\u2022 Restricting the use of J-Web to low-privileged accounts only\u003c/p\u003e\u003cp\u003eIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\u003c/p\u003e"
}
],
"value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\n\n\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\n\n\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\n\n\u2022 Restricting the use of J-Web to low-privileged accounts only\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39565",
"datePublished": "2024-07-10T22:55:27.516Z",
"dateReserved": "2024-06-25T15:12:53.249Z",
"dateUpdated": "2024-08-02T04:26:15.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39565\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-07-10T23:15:13.940\",\"lastModified\":\"2024-07-11T13:05:54.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\\n\\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user\u0027s credentials. In the worst case, the attacker will have full control over the device.\\nThis issue affects Junos OS:\u00a0\\n\\n\\n\\n * All versions before 21.2R3-S8,\u00a0\\n * from 21.4 before 21.4R3-S7,\\n * from 22.2 before 22.2R3-S4,\\n * from 22.3 before 22.3R3-S3,\\n * from 22.4 before 22.4R3-S2,\\n * from 23.2 before 23.2R2,\\n * from 23.4 before 23.4R1-S1, 23.4R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de neutralizaci\u00f3n inadecuada de datos dentro de expresiones XPath (\u0027inyecci\u00f3n XPath\u0027) en J-Web incluido con Juniper Networks Junos OS permite que un atacante basado en red no autenticado ejecute comandos remotos en el dispositivo objetivo. Mientras un administrador inicia sesi\u00f3n en una sesi\u00f3n de J-Web o ha iniciado sesi\u00f3n previamente y posteriormente ha cerrado sesi\u00f3n en su sesi\u00f3n de J-Web, el atacante puede ejecutar comandos arbitrariamente en el dispositivo de destino con las credenciales del otro usuario. En el peor de los casos, el atacante tendr\u00e1 control total sobre el dispositivo. Este problema afecta a Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 anterior a 21.4R3-S7, * desde 22.2 anterior a 22.2R3-S4, * desde 22.3 anterior a 22.3R3-S3, * desde 22.4 anterior a 22.4R3-S2 , * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R1-S1, 23.4R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Amber\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"YES\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-643\"}]}],\"references\":[{\"url\":\"https://support.juniper.net/support/downloads/?p=283\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://supportportal.juniper.net/JSA83023\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber\",\"source\":\"sirt@juniper.net\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.