Juniper Junos OS Evolved Console Physical Access Control Flaw
CVE-2024-39512 Published on July 10, 2024

Junos OS Evolved: User is not logged out when the console cable is disconnected
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO,  * from 23.4R1-EVO before 23.4R2-EVO.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-39512 is exploitable with physical access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
PHYSICAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Improper Physical Access Control

The product is to be designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor's ability to access these areas. Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how robust the design of the physical protection mechanism needs to be depends on the type of product being protected. Selecting the correct physical protection mechanism and properly enforcing it through implementation and manufacturing are critical to the overall physical security of the product.


Products Associated with CVE-2024-39512

Want to know whenever a new CVE is published for Juniper Networks Junos Os Evolved? stack.watch will email you.

Juniper Networks Junos Os Evolved
 

Affected Versions

Juniper Networks Junos OS Evolved: juniper junos_evolved:

Exploit Probability

EPSS
0.16%
Percentile
36.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.