CVE-2024-39532

Published: Jul 11, 2024Modified: Jan 22, 2026

6.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Exploitability: 1.1 / Impact: 4.7

Source: sirt@juniper.net (Secondary)

Description

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.

Affected (57)

Products: Juniper: Junos, Junos Os Evolved

Juniper

2 products

Junos

Junos Os Evolved

Configuration A

57 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Before 21.2
Juniper Junos	Version 21.2
Juniper Junos	Version 21.2 r1-s1
Juniper Junos	Version 21.2 r1-s2
Juniper Junos	Version 21.2 r1
Juniper Junos	Version 21.2 r2-s1
Juniper Junos	Version 21.2 r2-s2
Juniper Junos	Version 21.2 r2
Juniper Junos	Version 21.2 r3-s1
Juniper Junos	Version 21.2 r3-s2
Juniper Junos	Version 21.2 r3-s3
Juniper Junos	Version 21.2 r3-s4
Juniper Junos	Version 21.2 r3-s5
Juniper Junos	Version 21.2 r3-s6
Juniper Junos	Version 21.2 r3-s7
Juniper Junos	Version 21.2 r3-s8
Juniper Junos	Version 21.2 r3
Juniper Junos	Version 21.4
Juniper Junos	Version 21.4 r1-s1
Juniper Junos	Version 21.4 r1-s2
Juniper Junos	Version 21.4 r1
Juniper Junos	Version 21.4 r2-s1
Juniper Junos	Version 21.4 r2-s2
Juniper Junos	Version 21.4 r2
Juniper Junos	Version 21.4 r3-s1
Juniper Junos	Version 21.4 r3-s2
Juniper Junos	Version 21.4 r3-s3
Juniper Junos	Version 21.4 r3-s4
Juniper Junos	Version 21.4 r3-s5
Juniper Junos	Version 21.4 r3-s6
Juniper Junos	Version 21.4 r3-s7
Juniper Junos	Version 21.4 r3-s8
Juniper Junos	Version 21.4 r3
Juniper Junos	Version 22.2
Juniper Junos	Version 22.2 r1-s1
Juniper Junos	Version 22.2 r1-s2
Juniper Junos	Version 22.2 r1
Juniper Junos	Version 22.2 r2
Juniper Junos	Version 22.2 r3
Juniper Junos	Version 22.3
Juniper Junos	Version 22.3 r1
Juniper Junos	Version 22.3 r2
Juniper Junos Os Evolved	Version 22.1
Juniper Junos Os Evolved	Version 22.1 r1-s1
Juniper Junos Os Evolved	Version 22.1 r1-s2
Juniper Junos Os Evolved	Version 22.1 r1
Juniper Junos Os Evolved	Version 22.1 r2-s1
Juniper Junos Os Evolved	Version 22.1 r2
Juniper Junos Os Evolved	Version 22.2
Juniper Junos Os Evolved	Version 22.2 r1-s1
Juniper Junos Os Evolved	Version 22.2 r1-s2
Juniper Junos Os Evolved	Version 22.2 r1
Juniper Junos Os Evolved	Version 22.2 r2
Juniper Junos Os Evolved	Version 22.2 r3
Juniper Junos Os Evolved	Version 22.3
Juniper Junos Os Evolved	Version 22.3 r1
Juniper Junos Os Evolved	Version 22.3 r2

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://supportportal.juniper.net/JSA82992

Source: sirt@juniper.net

Vendor Advisory

https://supportportal.juniper.net/JSA82992

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.