Juniper Networks Junos OS and Junos OS Evolved OS Command Injection Vulnerability Allowing Arbitrary Shell Command Execution as Root

Vulnerability

A vulnerability allowing OS command injection has been identified in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved. This issue allows a local, high-privileged attacker to execute specific crafted CLI commands that inject arbitrary shell commands, executed as root, leading to a complete system compromise. The vulnerability arises because certain 'set system' commands do not properly sanitize crafted arguments, allowing for arbitrary shell injection.

Impact

Exploitation of this vulnerability allows for arbitrary command execution as the root user, potentially leading to a complete compromise of the affected system.

Remediation

Users can upgrade to Junos OS versions 22.4R3-S8, 23.2R2-S5, 23.4R2-S7, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases. For Junos OS Evolved, users can upgrade to versions 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S7-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases. Additionally, CLI access can be limited to trusted hosts and administrators, and non-privileged users can be restricted from accessing the 'set system' stanza.
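
As an added example (not part of the original advisory or vendor tooling), the following script checks device version strings against the fixed releases listed above. The inventory, hostnames and status labels are constructed for illustration, and treating a train newer than every listed one as fixed is an assumed reading of "all subsequent releases".

```python
import re

# Fixed releases copied from the Remediation paragraph above.
FIXED = ["22.4R3-S8", "23.2R2-S5", "23.4R2-S7", "24.2R2-S2", "24.4R2", "25.2R2",
         "25.4R1", "22.4R3-S8-EVO", "23.2R2-S5-EVO", "23.4R2-S7-EVO",
         "24.2R2-S2-EVO", "24.4R2-EVO", "25.2R1-S1-EVO", "25.2R2-EVO", "25.4R1-EVO"]

# <major>.<minor>R<n>[-S<n>][.<spin>][-EVO]; other forms (e.g. X releases) are not parsed.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)

def parse(version):
    """Return ((major, minor, R, S), is_evo), or None for an unrecognised string."""
    m = _VER.match(version.strip())
    if m is None:
        return None
    key = tuple(int(g) if g else 0 for g in m.groups()[:4])
    return key, m.group(5) is not None

def build_fix_table(releases):
    """Map (is_evo, train) to the lowest fixed release listed for that train."""
    table = {}
    for rel in releases:
        key, is_evo = parse(rel)
        slot = (is_evo, key[:2])
        table[slot] = min(table.get(slot, key), key)
    return table

FIX_TABLE = build_fix_table(FIXED)

def status(version):
    """Classify one version string: fixed, upgrade, unlisted-train or unparsed."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"
    key, is_evo = parsed
    train = key[:2]
    if (is_evo, train) in FIX_TABLE:
        return "fixed" if key >= FIX_TABLE[(is_evo, train)] else "upgrade"
    newest = max(t for evo, t in FIX_TABLE if evo == is_evo)
    # Assumption: a train newer than every listed one counts as a "subsequent release".
    return "fixed" if train > newest else "unlisted-train"

# Constructed inventory (hostnames and versions invented for this example).
INVENTORY = {"edge-1": "22.4R3-S7", "edge-2": "23.4R2-S7.3", "core-1": "25.2R1-S1-EVO",
             "core-2": "25.2R1-S1", "lab-1": "23.1R1", "lab-2": "15.1X49-D100"}

def audit(inventory):
    return {host: status(ver) for host, ver in inventory.items()}
```

A result of "unlisted-train" or "unparsed" means the advisory text above does not settle the question for that device, so it needs a manual check rather than being counted as safe.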

Added: Apr 10, 2026, 12:21 AM
Updated: Apr 10, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 3.0
remediation: 8.3
relevance: 5.5
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.