CVE-2024-39544
CVSS 3.1 Score 5 of 10 (medium)
Details
Summary
CVE-2024-39544 is a vulnerability affecting Juniper Networks Junos OS Evolved, where incorrect default permissions in the command line interface (CLI) lead to sensitive information exposure. On all impacted platforms, NETCONF traceoptions files are created with insufficient group permissions, enabling a low-privileged local attacker to view these files and access confidential system information. Affected versions include all releases before 20.4R3-S9-EVO, 21.2-EVO before 21.2R3-S7-EVO, 21.4-EVO before 21.4R3-S5-EVO, 22.1-EVO before 22.1R3-S5-EVO, 22.2-EVO before 22.2R3-S3-EVO, 22.3-EVO before 22.3R3-EVO and 22.3R3-S2-EVO, 22.4-EVO before 22.4R3-EVO, and 23.2-EVO before 23.2R1-S2-EVO and 23.2R2-EVO. This issue poses a significant confidentiality risk to the impacted systems.