Juniper Junos OS Evolved Authorization Bypass Vulnerability (CVE-2024-47495)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: CVE-2024-47495 2. Affected Product: Junos OS Evolved 21.2-EVO, 21.4-EVO, 22.2-EVO, 22.3-EVO, 22.4-EVO, 23.2-EVO, 23.4-EVO 3. Severity: Medium 4. Issue Description: An authorization bypass user control key vulnerability allows a local authenticated attacker with shell privileges to gain complete control over devices running Juniper Networks Junos OS Evolved. 5. Affected Versions: - All versions prior to 21.2R3-S8-EVO - All versions from 21.4-EVO prior to 21.4R3-S8-EVO - All versions from 22.2-EVO prior to 22.2R3-S4-EVO - All versions from 22.3-EVO prior to 22.3R3-S4-EVO - All versions from 22.4-EVO prior to 22.4R3-S3-EVO - All versions from 23.2-EVO prior to 23.2R2-S1-EVO - All versions from 23.4-EVO prior to 23.4R2-S1-EVO 6. Remediation: - Upgrade to the following fixed software versions: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, and all subsequent versions. - Note: Juniper SIRT’s policy does not evaluate versions beyond End of Engineering (EOE) or End of Life (EOL). 7. Mitigation Measures: - Restrict device access to only trusted management networks, users, and hosts. - Reduce the risk of exploitation of the vulnerability. This information helps users understand the scope of impact, severity, and how to remediate and mitigate the vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Juniper Junos OS Evolved Authorization Bypass Vulnerability (CVE-2024-47495)