5 - CVE-2024-21615

Executive Summary

Informations
Name	CVE-2024-21615	First vendor Publication	2024-04-12
Vendor	Cve	Last vendor Modification	2024-04-15

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Overall CVSS Score	5
Base Score	5	Environmental Score	5
impact SubScore	3.6	Temporal Score	5
Exploitabality Sub Score	1.3

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.

On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects:

Junos OS:

* all versions before 21.2R3-S7,�

* from 21.4 before 21.4R3-S5,�

* from 22.1 before 22.1R3-S5,�

* from 22.2 before 22.2R3-S3,�

* from 22.3 before 22.3R3-S2,�

* from 22.4 before 22.4R3,�

* from 23.2 before 23.2R1-S2.

Junos OS Evolved:�

* all versions before 21.2R3-S7-EVO,�

* from 21.3 before 21.3R3-S5-EVO,�

* from 21.4 before 21.4R3-S5-EVO,�