Vulnerability-Lookup

CVE-2024-39512 (GCVE-0-2024-39512)

Vulnerability from cvelistv5 – Published: 2024-07-10 23:02 – Updated: 2024-08-02 04:26

Title

Junos OS Evolved: User is not logged out when the console cable is disconnected

Summary

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.

Severity ?

6.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 (High)


                        
                          CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-1263 - Improper Physical Access Control

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA82977

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS Evolved	Affected: 23.2R2-EVO , < 23.2R2-S1-EVO (semver) Affected: 23.4R1-EVO , < 23.4R2-EVO (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "23.2R2-S1-EVO",
                "status": "affected",
                "version": "23.2R2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4R2-EVO",
                "status": "affected",
                "version": "23.4R1-EVO",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T15:12:54.866035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T16:25:36.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA82977"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "23.2R2-S1-EVO",
              "status": "affected",
              "version": "23.2R2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-EVO",
              "status": "affected",
              "version": "23.4R1-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\u003cbr\u003e\u003cbr\u003eWhen the console cable is disconnected, the logged in user is not logged out.\u0026nbsp;This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2R2-EVO before 23.2R2-S1-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4R1-EVO before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  from 23.4R1-EVO before 23.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1263",
              "description": "CWE-1263 Improper Physical Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T23:02:05.458Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA82977"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA82977",
        "defect": [
          "1802653"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS Evolved: User is not logged out when the console cable is disconnected",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39512",
    "datePublished": "2024-07-10T23:02:05.458Z",
    "dateReserved": "2024-06-25T15:12:53.237Z",
    "dateUpdated": "2024-08-02T04:26:15.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39512\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-12T15:12:54.866035Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*\"], \"vendor\": \"juniper\", \"product\": \"junos_evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.2R2-EVO\", \"lessThan\": \"23.2R2-S1-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4R1-EVO\", \"lessThan\": \"23.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-12T16:25:26.782Z\"}}], \"cna\": {\"title\": \"Junos OS Evolved: User is not logged out when the console cable is disconnected\", \"source\": {\"defect\": [\"1802653\"], \"advisory\": \"JSA82977\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.2R2-EVO\", \"lessThan\": \"23.2R2-S1-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4R1-EVO\", \"lessThan\": \"23.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2024-07-10T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA82977\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\\n\\nWhen the console cable is disconnected, the logged in user is not logged out.\\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\\n\\nThis issue affects Junos OS Evolved: \\n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\\u00a0\\n  *  from 23.4R1-EVO before 23.4R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\u003cbr\u003e\u003cbr\u003eWhen the console cable is disconnected, the logged in user is not logged out.\u0026nbsp;This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003efrom 23.2R2-EVO before 23.2R2-S1-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003efrom 23.4R1-EVO before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1263\", \"description\": \"CWE-1263 Improper Physical Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-07-10T23:02:05.458Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39512\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-12T16:25:36.401Z\", \"dateReserved\": \"2024-06-25T15:12:53.237Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-07-10T23:02:05.458Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-39512

Vulnerability from fkie_nvd - Published: 2024-07-10 23:15 - Updated: 2025-02-07 19:36

Severity ?

6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA82977	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://supportportal.juniper.net/JSA82977	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "A4BB6910-B994-45FD-8153-5EC00EE842E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7147BA60-30A5-4CED-9AAF-F6BEA0528B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "6E5CE59B-14B2-4F4C-81B5-0430EC954956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  from 23.4R1-EVO before 23.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso f\u00edsico inadecuado en el control del puerto de consola de Juniper Networks Junos OS Evolved permite que un atacante con acceso f\u00edsico al dispositivo obtenga acceso a una cuenta de usuario. Cuando se desconecta el cable de la consola, el usuario que inici\u00f3 sesi\u00f3n no cierra la sesi\u00f3n. Esto permite que un atacante malintencionado con acceso f\u00edsico a la consola reanude una sesi\u00f3n anterior y posiblemente obtenga privilegios administrativos. Este problema afecta a Junos OS Evolved: * desde 23.2R2-EVO antes de 23.2R2-S1-EVO, * desde 23.4R1-EVO antes de 23.4R2-EVO."
    }
  ],
  "id": "CVE-2024-39512",
  "lastModified": "2025-02-07T19:36:39.607",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "PHYSICAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-10T23:15:10.393",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA82977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA82977"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1263"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7X3W-3VJX-FHQV

Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2024-07-11 00:32

Details

When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.

This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO, * from 23.4R1-EVO before 23.4R2-EVO.

Severity ?

6.6 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.0 (High)


                  
                    CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-39512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1263"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-10T23:15:10Z",
    "severity": "HIGH"
  },
  "details": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  from 23.4R1-EVO before 23.4R2-EVO.",
  "id": "GHSA-7x3w-3vjx-fhqv",
  "modified": "2024-07-11T00:32:50Z",
  "published": "2024-07-11T00:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39512"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA82977"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2024-AVI-0781

Vulnerability from certfr_avis - Published: 2024-09-16 - Updated: 2024-10-15

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1
Juniper Networks	BBE Cloud Setup	BBE Cloudsetup versions antérieures à 2.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA75756	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82975	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82977	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82971	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA79175	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82974	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75746	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75759	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75750	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA79101	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82973	2024-09-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "BBE Cloudsetup versions ant\u00e9rieures \u00e0 2.1.0",
      "product": {
        "name": "BBE Cloud Setup",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2024-21618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21618"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2024-39524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39524"
    },
    {
      "name": "CVE-2020-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15861"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2024-39523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39523"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2020-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2019-20892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20892"
    },
    {
      "name": "CVE-2022-4886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4886"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2022-23525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23525"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2024-21605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21605"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2022-23524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23524"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2015-8100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8100"
    },
    {
      "name": "CVE-2024-21615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21615"
    },
    {
      "name": "CVE-2021-25746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25746"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2021-25748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25748"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2022-23526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23526"
    },
    {
      "name": "CVE-2014-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
    },
    {
      "name": "CVE-2024-21609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21609"
    },
    {
      "name": "CVE-2024-39522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39522"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-39517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39517"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2024-39521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39521"
    },
    {
      "name": "CVE-2024-39512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39512"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2021-44225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44225"
    },
    {
      "name": "CVE-2024-39553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39553"
    },
    {
      "name": "CVE-2024-39520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39520"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-5043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5043"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2021-25745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25745"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    }
  ],
  "initial_release_date": "2024-09-16T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0781",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-16T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75756",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-low-privileged-user-can-access-confidential-information-CVE-2024-21615"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82975",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-CLI-parameter-processing-issues-allowing-privilege-escalation-resolved"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82977",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-User-is-not-logged-out-when-the-console-cable-is-disconnected-CVE-2024-39512"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82971",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-BBE-Cloudsetup-Multiple-vulnerabilities-resolved-in-2-1-0-release"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79175",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Upon-processing-specific-L2-traffic-rpd-can-hang-in-devices-with-EVPN-VXLAN-configured-CVE-2024-39517"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82974",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL-3-0-12"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75746",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75759",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75750",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-If-specific-IPsec-parameters-are-negotiated-iked-will-crash-due-to-a-memory-leak-CVE-2024-21609"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79101",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-arbitrary-data-when-sampling-service-is-enabled-leads-to-partial-Denial-of-Service-DoS-CVE-2024-39553"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82973",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-net-SNMP-5-9-4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-39512 (GCVE-0-2024-39512)

FKIE_CVE-2024-39512

GHSA-7X3W-3VJX-FHQV

CERTFR-2024-AVI-0781

Solutions

Tags

Sightings

Nomenclature