"value":"An\u00a0Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\n * All version before 20.4R3-S6-EVO,\u00a0\n * 21.2-EVO versions before 21.2R3-S4-EVO,\n * 21.4-EVO versions before 21.4R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R2-EVO."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"value":"There are no known workarounds for this issue."
}
],
"value":"There are no known workarounds for this issue."
}
],
"exploit":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"The following software releases have been updated to resolve this specific issue: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.4R3-S6-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"value":"The following software releases have been updated to resolve this specific issue: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.4R3-S6-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
