How severe is CVE-2024-39521?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-39521?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-39521 - HIGH Severity | CVSS 7.8

Vulnerability Description

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.

Related Vulnerabilities

CVE-2013-0517

HIGH

CVSS:7.8(High)

A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute ar...

CWE-782013

CVE-2015-6396

HIGH

CVSS:7.8(High)

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161...

CWE-782015

CVE-2016-10320

HIGH

CVSS:7.8(High)

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

CWE-782016

CVE-2016-1339

HIGH

CVSS:7.8(High)

Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux688...

CWE-782016

CVE-2016-4853

HIGH

CVSS:7.8(High)

AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.

CWE-782016

CVE-2016-6065

HIGH

CVSS:7.8(High)

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

CWE-782016