Lucene search

JuniperCVELIST:CVE-2023-28983

HistoryApr 17, 2023 - 12:00 a.m.

CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server

2023-04-1700:00:00

CWE-78

juniper

www.cve.org

juniper networks

os command injection

gnoi server

shell injection

vulnerability

grpc network operations interface

network based attacker

code execution

21.4r1-evo

22.1r1-evo

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "21.4R1-EVO",
        "status": "affected",
        "lessThan": "21.4*",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R1-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA70609

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

Related for CVELIST:CVE-2023-28983