Sysmanctl Priv Esc in Junos OS Evolved (pre21.4R2EVO)
CVE-2023-28973 Published on April 17, 2023
Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions
An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO.
Vulnerability Analysis
CVE-2023-28973 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-28973 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-28973
Juniper Networks Junos OS Evolved; Juniper Networks Junos Evolved
Affected Versions
Juniper Networks Junos OS Evolved:
- All versions below 20.4R3-S5-EVO are affected.
- 21.2 versions below 21.2R3-EVO are affected.
- 21.3 versions below 21.3R2-EVO are affected.
- 21.4 versions below 21.4R1-S2-EVO, 21.4R2-EVO are affected.
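An added example (not Juniper's code and not part of the original page) that checks release strings from a device inventory against the affected ranges listed above. The release-string pattern, the status labels and the sample inventory are assumptions made for this illustration; release trains the list does not name are reported separately rather than guessed.

```python
import re

# Per-train fix thresholds from the affected-versions list above:
# a release is affected when its (R, S) pair is below the threshold.
FIXED = {
    (20, 4): (3, 5),  # fixed in 20.4R3-S5-EVO
    (21, 2): (3, 0),  # fixed in 21.2R3-EVO
    (21, 3): (2, 0),  # fixed in 21.3R2-EVO
    (21, 4): (1, 2),  # fixed in 21.4R1-S2-EVO and 21.4R2-EVO
}
OLDEST, NEWEST = min(FIXED), max(FIXED)

# Assumed release-string shape: <major>.<minor>R<n>[-S<n>][.<build>]-EVO
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$", re.IGNORECASE)

def parse(version):
    """Return ((major, minor), (R, S)); a missing service release is S0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS Evolved version: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)

def status(version):
    """Classify one release string against the ranges listed on this page."""
    train, release = parse(version)
    if train < OLDEST:
        return "affected"  # "all versions" before the 20.4 fix
    if train in FIXED:
        return "affected" if release < FIXED[train] else "fixed"
    if train > NEWEST:
        return "not-listed-as-affected"  # newer train, absent from the list
    return "unlisted-train"  # e.g. 21.1: check the vendor advisory

def needs_upgrade(inventory):
    """Hosts whose release is affected or cannot be decided from the list."""
    return sorted(h for h, v in inventory.items()
                  if status(v) in ("affected", "unlisted-train"))

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and releases are made up).
    sample = {"re0-lab": "20.4R3-S4-EVO", "re1-lab": "21.4R1-S2.3-EVO",
              "core-a": "21.2R2-S1-EVO", "core-b": "21.1R1-EVO"}
    for host, ver in sample.items():
        print(f"{host:8} {ver:18} {status(ver)}")
    print("upgrade:", needs_upgrade(sample))
```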
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.