CVE-2024-39532 : An Insertion of Sensitive Information into Log File vulnerability in Juniper Net

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.

Published 2024-07-11 16:06:40

Updated 2025-01-07 21:15:12

Source Juniper Networks, Inc.

View at NVD, CVE.org

Products affected by CVE-2024-39532

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-39532

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-39532

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N	N/A	N/A	Juniper Networks, Inc.	2024-07-11
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: High Integrity: Low Availability: None
6.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N	1.1	4.7	Juniper Networks, Inc.	2024-07-11
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: High Integrity: Low Availability: None
4.2	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/V...	N/A	N/A	Juniper Networks, Inc.	2024-07-11
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: High User Interaction: Passive Confidentiality (VC): None Integrity (VI): None Availability (VA): None
4.2	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/V...	N/A	N/A	Juniper Networks, Inc.	2024-07-11
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: High User Interaction: Passive Confidentiality (VC): None Integrity (VI): None Availability (VA): None

CWE ids for CVE-2024-39532

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Assigned by: sirt@juniper.net (Secondary)

References for CVE-2024-39532

https://supportportal.juniper.net/JSA82992

2024-07 Security Bulletin: Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user (CVE-2024-39532)

Jump to

Vulnerability Details : CVE-2024-39532

Products affected by CVE-2024-39532

Exploit prediction scoring system (EPSS) score for CVE-2024-39532

CVSS scores for CVE-2024-39532

CWE ids for CVE-2024-39532

References for CVE-2024-39532