First published: Wed Jul 10 2024(Updated: )
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper Networks Junos OS Evolved | >23.2R2-EVO<23.2R2-S1-EVO>23.4R1-EVO<23.4R2-EVO | |
Juniper Junos os Evolved | =23.2-r2 | |
Juniper Junos os Evolved | =23.4-r1 | |
Juniper Junos os Evolved | =23.4-r1-s1 | |
Juniper Junos os Evolved | =23.4-r1-s2 |
The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-39512 is classified as a high severity vulnerability due to its potential for unauthorized access.
To mitigate CVE-2024-39512, ensure that user sessions are properly terminated when the console cable is disconnected.
CVE-2024-39512 affects devices running specific versions of Juniper Networks Junos OS Evolved, including 23.2R2-EVO and 23.4R1-EVO.
CVE-2024-39512 is an improper physical access control vulnerability.
An attacker with physical access to the device could gain access to a user account without proper authentication due to the lack of session termination.