CVE-2024-39563 in Junos Spaceinfo

Zusammenfassung

von MITRE • 11.10.2024

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device.

A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance.

This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Juniper

Reservieren

25.06.2024

Veröffentlichung

11.10.2024

Moderieren

akzeptiert

Eintrag

VDB-280088

CPE

bereit

CWE

CWE-77 (bestätigt)

CVSS

7.3 (CNA)

EPSS

0.01342

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Hospital, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-39563
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-39563
CVE Details	https://www.cvedetails.com/cve/CVE-2024-39563/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!