Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightw…
Summary
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system. This issue affects all JSI vLWC versions before 3.0.94.
- 3.0.94
Official advisory · high-confidence parse· fetched 22 hours ago·verify at source
- 3.0.94
Official advisory · high-confidence parse· fetched 22 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 22 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.