CVE-2023-28983

Junos OS Evolved: Shell Injection vulnerability in the gNOI server

CVSS 8.8 HIGHEPSS 1.5%CWE-78

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Juniper Networks · Junos OS Evolved

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://supportportal.juniper.net/JSA70609