CNNVD-202601-2554 Information
CNNVD ID
CNNVD-202601-2554
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved都是美国瞻博网络(Juniper Networks)公司的产品。Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。Juniper Networks Junos OS Evolved是Junos OS 的升级版系统。 Juniper Networks Junos OS和Juniper Networks Junos OS Evolved存在安全漏洞,该漏洞源于DHCP守护进程对关键资源的权限分配不当,可能导致本地低权限用户获得完全控制权。以下版本受到影响:Junos OS 21.2R3-S10之前版本、22.2所有版本、21.4R3-S12之前版本、22.4R3-S8之前版本、23.2R2-S5之前版本、23.4R2-S6之前版本、24.2R2-S2之前版本、24.4R2之前版本、25.2R1-S1之前版本和25.2R2版本和Junos OS Evolved 22.4R3-S8-EVO之前版本、23.2R2-S5-EVO之前版本、23.4R2-S6-EVO之前版本、24.2R2-S2-EVO之前版本、24.4R2-EVO之前版本、25.2R1-S1-EVO之前版本和25.2R2-EVO版本。
Description (English)
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are products of Juniper Networks. Juniper Networks Junos OS is a network operating system dedicated to the hardware equipment of the company. The operating system provides a security programming interface and Junos SDK. Juniper Networks Junos OS Evolved is an upgraded Junos OS system. There is a security loophole in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved, which stems from the misallocation of authority to key resources in the DHCP daemon process, which may lead to full control by local low-authorized users. The following versions were affected: Junos OS 21.2R3-S10, all 22.2 versions, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1 and 25.2R2 and Junos OS Evolved 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, 25.2R1-EVO and 25.2R2-EVO.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
瞻博网络
Published
2026-01-15
Last Modified
2026-02-24
References
https://kb.juniper.net/JSA103150 https://supportportal.juniper.net/