Juniper Networks Junos OS and Junos OS Evolved Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing execution with unnecessary privileges has been identified in the User Interface of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows a local, low-privileged attacker to gain root privileges, compromising the system. The issue arises when a configuration permitting unsigned Python operational scripts is enabled on the device. Under these conditions, a non-root user can execute malicious operational scripts as a root-equivalent user, leading to unauthorized privilege escalation. This vulnerability affects multiple versions of Junos OS and Junos OS Evolved.

Impact

Exploitation of this vulnerability allows local, low-privileged users to gain root privileges, compromising the affected system.

Remediation

Users can update to Junos OS versions 22.4R3-S7, 23.2R2-S4, 23.4R2-S6, 24.2R1-S2, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1 and all subsequent releases. For Junos OS Evolved, users can update to 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S6-EVO, 24.2R2-EVO, 24.4R1-S1-EVO, 24.4R2-EVO, 25.2R1-EVO and all subsequent releases.
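A triage check for a device inventory, as an added example that is not part of the original advisory or Juniper's own tooling. It compares a version string against the release lists above and looks for the unsigned-Python precondition in a set-format configuration. Assumptions: the version string shape, the function names, and the `set system scripts language python`/`python3` statement, which is the standard Junos statement for allowing unsigned Python scripts but is not named on this page.

```python
import re

# Fixed releases copied from the Remediation section (-EVO suffix dropped in the table).
FIXED = {
    False: ["22.4R3-S7", "23.2R2-S4", "23.4R2-S6", "24.2R1-S2", "24.2R2",
            "24.4R1-S2", "24.4R2", "25.2R1"],
    True: ["22.4R3-S7", "23.2R2-S4", "23.4R2-S6", "24.2R2",
           "24.4R1-S1", "24.4R2", "25.2R1"],
}
# Assumed version shape: <train>R<n>[-S<n>][.<spin>][-EVO], e.g. 23.4R2-S5.3-EVO
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")
# Junos statement that allows unsigned Python scripts (assumption: not named on the page).
_UNSIGNED = re.compile(r"^set system scripts language python3?\s*$", re.M)


def parse(version):
    """Return ((major, minor), release, service, is_evolved) or None."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor)), int(rel), int(svc or 0), bool(evo)


def is_fixed(version):
    """True/False per the page's list; None when the page does not cover it."""
    parsed = parse(version)
    if parsed is None:
        return None
    train, rel, svc, evo = parsed
    fixes = [parse(f)[:3] for f in FIXED[evo]]
    in_train = [(r, s) for t, r, s in fixes if t == train]
    if not in_train:
        # Trains newer than the last listed one count as "subsequent releases".
        return True if train > max(t for t, _, _ in fixes) else None
    # Same R: need at least the listed S. Higher R than any listed R: subsequent.
    return any(rel == r and svc >= s for r, s in in_train) or \
        rel > max(r for r, _ in in_train)


def exposed(version, set_config):
    """True: unfixed and precondition present. None: needs manual review."""
    if not _UNSIGNED.search(set_config):
        return False
    fixed = is_fixed(version)
    return None if fixed is None else not fixed
```

Note that 24.4R1-S1 counts as fixed only for Junos OS Evolved, because the two lists above differ on that train.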

Added: Apr 10, 2026, 12:19 AM
Updated: Apr 10, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 7.5
exploitability: 3.5
remediation: 8.3
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.