An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-10T22:55:27.516Z

Updated: 2024-08-02T04:26:15.990Z

Reserved: 2024-06-25T15:12:53.249Z

Link: CVE-2024-39565

cve-icon Vulnrichment

Updated: 2024-07-11T15:34:33.461Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-10T23:15:13.940

Modified: 2024-11-21T09:28:01.577

Link: CVE-2024-39565

cve-icon Redhat

No data.