Juniper Junos OS
cpe:2.3:h:juniper:junos:*:*:*:*:*:*:*, +3 more
- < 21.2R3-S10
- < 22.2
- >= 21.4, < 21.4R3-S12
- >= 22.4, < 22.4R3-S8
- >= 23.2, < 23.2R2-S5
- >= 23.4, < 23.4R2-S6
- >= 24.2, < 24.2R2
- >= 24.4, < 24.4R2
- >= 25.2, < 25.2R1-S1
- >= 25.2, < 25.2R2
A vulnerability has been identified in the Juniper DHCP daemon (jdhcpd) within Junos OS and Junos OS Evolved. An incorrect permission assignment leaves the Unix socket that manages the jdhcpd process world-writable. Local, low-privileged users can therefore connect to the socket and issue commands that manage the DHCP service, which gives them complete control over the DHCP service and, in effect, administrative control of the local DHCP server or DHCP relay.
Exploitation of this vulnerability allows low-privileged users to gain administrative control over the local DHCP server or DHCP relay, potentially disrupting network services or mismanaging DHCP assignments.
Users can manually change the permissions of the Unix socket used to control the jdhcpd server to allow only root access. However, this change will not persist across reboots. The vulnerability can also be addressed by updating to Junos OS versions 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases, or to Junos OS Evolved versions 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.
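An added example (not Juniper's code and not part of the advisory): a Python audit that finds Unix sockets writable by "other" under a directory and applies the owner-only restriction described above. The socket name `ctl.sock` and the temporary directory are constructed stand-ins, because the page does not give the jdhcpd socket path; on the device the owner would be root.

```python
import os
import socket
import stat
import tempfile

def audit_sockets(root):
    """Return [(path, mode, uid)] for Unix sockets under root writable by 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # sockets are reported among the non-directory entries
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISSOCK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append((path, stat.S_IMODE(st.st_mode), st.st_uid))
    return findings

def restrict_socket(path):
    """Limit a socket to its owner (0600); refuse anything that is not a socket."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.lstat(path).st_mode)

def demo():
    """Constructed scenario: a control socket left world-writable, then restricted."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ctl.sock")  # hypothetical name, not the jdhcpd path
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        os.chmod(path, 0o666)  # reproduce the incorrect permission assignment
        before = audit_sockets(tmp)
        new_mode = restrict_socket(path)
        after = audit_sockets(tmp)
        srv.close()
        return before, new_mode, after

if __name__ == "__main__":
    print(demo())
```

Because the manual permission change does not persist across reboots, an audit like this is worth re-running after each restart until a fixed release is installed.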