Juniper Junos OS Evolved Vulnerabilities Enable Root-Level Compromise

Juniper Networks has issued patches to address five vulnerabilities discovered within its Junos OS Evolved operating system. These flaws, collectively assigned Common Vulnerabilities and Exposures (CVEs) 2024-39520 through 2024-39524, pose a significant risk, as successful exploitation could grant attackers complete control over affected systems.

The heart of the vulnerabilities lies in how the Junos OS Evolved Command Line Interface (CLI) handles certain command options. By manipulating specific parameters within these commands, attackers who have already gained low-level access to a system could escalate their privileges to the highest level (“root”). This would allow them to execute arbitrary code, modify configurations, exfiltrate sensitive data, or disrupt network operations.

This series of vulnerabilities has been assigned a Common Vulnerability Scoring System (CVSS v4) score of 8.5, categorizing them as high severity.

• CVE-2024-39520
• CVE-2024-39521
• CVE-2024-39522
• CVE-2024-39523
• CVE-2024-39524

Juniper Networks has swiftly responded to the discovery of these vulnerabilities by releasing updated software versions that remediate the issues. Users running Junos OS Evolved versions prior to 20.4R3-S7-EVO, as well as various versions between 21.2-EVO and 22.4-EVO, are strongly advised to upgrade to the patched releases immediately.

While no workarounds exist for these vulnerabilities, administrators can mitigate the risk by enforcing strict access controls and limiting system access to trusted personnel only. However, the most effective course of action is to apply the patches without delay.