"value":"An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.\n\nThis issue affects:\nJuniper Networks Junos OS Evolved with dual-REs:\n * All versions before 21.2R3-S8-EVO,\n * from 21.4-EVO before 21.4R3-S8-EVO,\n * from 22.2-EVO before 22.2R3-S4-EVO,\n * from 22.3-EVO before 22.3R3-S4-EVO,\n * from 22.4-EVO before 22.4R3-S3-EVO,\n * from 23.2-EVO before 23.2R2-S1-EVO,\n * from 23.4-EVO before 23.4R2-S1-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId":"CWE-639"
}
]
}
]
},
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Juniper Networks",
"product":{
"product_data":[
{
"product_name":"Junos OS Evolved",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"0",
"version_value":"21.2R3-S8-EVO"
},
{
"version_affected":"<",
"version_name":"21.4-EVO",
"version_value":"21.4R3-S8-EVO"
},
{
"version_affected":"<",
"version_name":"22.2-EVO",
"version_value":"22.2R3-S4-EVO"
},
{
"version_affected":"<",
"version_name":"22.3-EVO",
"version_value":"22.3R3-S4-EVO"
},
{
"version_affected":"<",
"version_name":"22.4-EVO",
"version_value":"22.4R3-S3-EVO"
},
{
"version_affected":"<",
"version_name":"23.2-EVO",
"version_value":"23.2R2-S1-EVO"
},
{
"version_affected":"<",
"version_name":"23.4-EVO",
"version_value":"23.4R2-S1-EVO"
}
]
}
}
]
}
}
]
}
},
"references":{
"reference_data":[
{
"url":"https://kb.juniper.net/JSA88122",
"refsource":"MISC",
"name":"https://kb.juniper.net/JSA88122"
}
]
},
"generator":{
"engine":"Vulnogram 0.1.0-dev"
},
"source":{
"advisory":"JSA88122",
"defect":[
"1790662"
],
"discovery":"INTERNAL"
},
"configuration":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"To determine if the system is running a dual routing engine verify if the redundancy configuration and the status of routing engines is in use, issue the following command: <br> show chassis routing-engine<br><br>"
}
],
"value":"To determine if the system is running a dual routing engine verify if the redundancy configuration and the status of routing engines is in use, issue the following command: \n\u00a0 show chassis routing-engine"
}
],
"work_around":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"There are no known workarounds for this issue.<br><br>To reduce the risk of exploitation, limit access to the device only from trusted administrative networks, users and hosts.<br><br>"
}
],
"value":"There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation, limit access to the device only from trusted administrative networks, users and hosts."
}
],
"exploit":[
{
"lang":"eng",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution":[
{
"lang":"eng",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R2-S1-EVO, <span style=\"background-color: rgb(244, 244, 244);\">24.2R1-EVO</span> and all subsequent releases."
}
],
"value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R2-S1-EVO, 24.2R1-EVO\u00a0and all subsequent releases."
