VYPR
Unrated severityNVD Advisory· Published Jul 11, 2024· Updated Aug 27, 2025

Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation

CVE-2024-39546

Description

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.

This issue affects Junos OS Evolved:

  • All versions prior to 21.2R3-S8-EVO,
  • 21.4 versions prior to  21.4R3-S6-EVO,
  • 22.1 versions prior to 22.1R3-S5-EVO,
  • 22.2 versions prior to 22.2R3-S3-EVO,
  • 22.3 versions prior to 22.3R3-S3-EVO,
  • 22.4 versions prior to 22.4R3-EVO,
  • 23.2 versions prior to 23.2R2-EVO.

Affected products

2
  • All versions prior to 21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO+ 1 more
    • (no CPE)range: All versions prior to 21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.