CVE-2024-39565
Severity: HIGH
Description
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.

This issue affects Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| juniper | j-web |
| juniper | junos |
| juniper | ex2300 |
| juniper | ex2300-c |
| juniper | ex3400 |
| juniper | ex4000 |
| juniper | ex4100 |
| juniper | ex4100-f |
| juniper | ex4100-h |
| juniper | ex4300 |
| juniper | ex4400 |
| juniper | ex4600 |
| juniper | ex4650 |
| juniper | ex9204 |
| juniper | ex9208 |
| juniper | ex9214 |
| juniper | srx1500 |
| juniper | srx1600 |
| juniper | srx2300 |
| juniper | srx300 |
| juniper | srx320 |
| juniper | srx340 |
| juniper | srx345 |
| juniper | srx380 |
| juniper | srx4100 |
| juniper | srx4120 |
| juniper | srx4200 |
| juniper | srx4300 |
| juniper | srx4600 |
| juniper | srx4700 |
| juniper | srx5400 |
| juniper | srx5600 |
| juniper | srx5800 |
References
Advisories & Patches
Related Vulnerabilities
A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access …
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs …
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote …
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown …
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part …
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to …