Cyber Resilience

CVE-2024-39512

High

Published: 10 July 2024

Modified: 07 February 2025
CVSS Score v4: 7.0 (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (36.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39512 is a high-severity Improper Physical Access Control (CWE-1263) vulnerability in Juniper Junos OS Evolved. Its CVSS base score is 7.0 (High).

Operationally, it is ranked at the 36.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved:

* from 23.2R2-EVO before 23.2R2-S1-EVO,
* from 23.4R1-EVO before 23.4R2-EVO.
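
As an added example (not part of the original entry and not Juniper tooling), the following Python checks a device inventory against the two affected ranges listed above. The version-string format accepted by the regular expression, the handling of build numbers, and the sample hostnames are assumptions.

```python
import re

# Assumed version-string shape (the page does not define it):
#   <major>.<minor>R<release>[-S<service>][.<build>]-EVO
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")

# Affected ranges from the advisory text, as (first affected, first fixed).
AFFECTED_RANGES = [
    ("23.2R2-EVO", "23.2R2-S1-EVO"),
    ("23.4R1-EVO", "23.4R2-EVO"),
]

def parse_version(text):
    """Return (major, minor, release, service) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos OS Evolved version: {text!r}")
    # No -S suffix is the base release (service 0), ordered before -S1.
    # Assumption: the build number only separates builds of one release,
    # so it is matched but ignored.
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if the version falls inside an affected range for CVE-2024-39512."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        lo, hi = parse_version(first_affected), parse_version(first_fixed)
        # Ranges apply per release train, so major.minor must match as well.
        if v[:2] == lo[:2] and lo <= v < hi:
            return True
    return False

def triage(inventory):
    """Map each hostname to 'affected', 'not affected' or 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            # An unrecognised string is flagged for review, never assumed safe.
            result[host] = "unparsed"
    return result

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"edge-1": "23.2R2-EVO", "edge-2": "23.4R1-S2.3-EVO", "core-1": "23.4R2-EVO"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Strings without the -EVO suffix are reported as unparsed, so they get reviewed by hand instead of being counted as unaffected.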

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

juniper
junos os evolved
23.2, 23.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1263

Field maintenance requires physical or on-site access, and restricting it mitigates improper physical access control.

addresses: CWE-1263

Restricting access to media directly implements controls to prevent improper physical access to storage media.

addresses: CWE-1263

Physically controlling and securely storing media directly implements proper physical access controls for system media.

addresses: CWE-1263

Prohibiting portable storage devices without identifiable owners is a direct physical access control measure limiting untraceable media interaction with systems.

addresses: CWE-1263

Placement for authorized access and protection against unauthorized activation specifically address improper physical access control.

addresses: CWE-1263

Automatic emergency lighting ensures visibility on exits and evacuation routes during power outages, reducing an attacker's ability to exploit improper physical access controls by using darkness to navigate or access restricted areas.

addresses: CWE-1263

Directly implements authorization and control of physical items entering and exiting the facility to prevent improper physical access.

addresses: CWE-1263

Requiring documentation of allowed sites plus implementation and assessment of controls at alternate work sites directly prevents improper physical access to systems and data.

References