HIGH🇵🇱 Wersja polska

CVE-2024-39565

CVSS 7.7v4.0pub. 2024-07-10upd. 2026-01-22

An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.

CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Amber
  • Juniper Ex2300

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex2300 C

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex3400

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4000

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4100

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4100 F

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4100 H

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4300

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4400

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4600

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4650

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex9204

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex9208

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex9214

    HW
    Juniper
    wszystkie wersje
  • Juniper Junos

    OS
    Juniper
    21.221.422.222.322.423.223.4< 21.2
  • Juniper J Web

    APP
    Juniper
    wszystkie wersje
  • Juniper Srx1500

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx1600

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx2300

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx300

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx320

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx340

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx345

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx380

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4100

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4120

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4200

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4300

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4600

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx4700

    HW
    Juniper
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...