An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.
References
| Link | Resource |
|---|---|
| https://supportportal.juniper.net/JSA70609 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 May 2023, 13:01
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:* |
|
| References | (CONFIRM) https://supportportal.juniper.net/JSA70609 - Vendor Advisory | |
| First Time |
Juniper junos Os Evolved
Juniper |
17 Apr 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-17 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28983
Mitre link : CVE-2023-28983
CVE.ORG link : CVE-2023-28983
JSON object : View
Products Affected
juniper
- junos_os_evolved
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')