An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:RedJuniper Junos Os Evolved
OSJuniper25.4Juniper Ptx10001 36mr
HWJuniperwszystkie wersjeJuniper Ptx10002 36qdd
HWJuniperwszystkie wersjeJuniper Ptx10003
HWJuniperwszystkie wersjeJuniper Ptx10004
HWJuniperwszystkie wersjeJuniper Ptx10008
HWJuniperwszystkie wersjeJuniper Ptx10016
HWJuniperwszystkie wersje
Related vulnerabilities
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forward...
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2a...
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Jun...
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos O...