Juniper Networks Junos OS Privilege Escalation Vulnerability via Line Card Script Processing

A vulnerability allowing privilege escalation has been identified in Juniper Networks Junos OS. This issue arises from incorrect permission assignments in line card script processing, enabling a local, low-privileged user to install scripts that are executed as root during system boot. Affected users can gain root access, potentially leading to complete control of the system. This vulnerability impacts specific line cards, including MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. The vulnerable Junos OS versions are 23.2 prior to 23.2R2-S4, 23.4 prior to 23.4R2-S5, 24.2 prior to 24.2R2-S1, and 24.4 prior to 24.4R1-S3 and 24.4R2.

Impact

Exploitation of this vulnerability allows a low-privileged user to execute scripts as root on the affected line cards, leading to unauthorized privilege escalation and potentially full control over the system.

Remediation

Users can upgrade to Junos 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, or 25.2R1. Access lists or firewall filters can also be used to restrict CLI access to trusted hosts and administrators.