Executive Summary

CVE-2025-30650 is a vulnerability in Juniper Networks Junos OS that affects Linux-based line cards. It is a Missing Authentication for Critical Function vulnerability in the command processing of Junos OS, which allows a privileged local attacker to escalate their privileges to root without needing the root password.

Specifically, a local attacker with limited privileges (such as shell and maintenance access) can execute a script as root during the Flexible PIC Concentrator (FPC) boot-up process, thereby gaining persistent root access on the line card. This root access effectively grants full root control over the entire router.

The vulnerability affects multiple line card models including MPC7, MPC8, MPC9, MPC10, MPC11, LC2101, LC2103, LC480, LC4800, LC9600, MX304, MX-SPC3, SRX5K-SPC3, EX9200-40XS, FPC3-PTX-U2, FPC3-PTX-U3, FPC3-SFF-PTX, LC1101, LC1102, LC1104, and LC1105. It impacts all Junos OS versions before 22.4R3-S8 and several subsequent versions up to but not including certain fixed releases.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows a privileged local attacker to gain root access on Juniper Networks Junos OS line cards, potentially compromising the confidentiality, integrity, and availability of the affected systems.

Such unauthorized root access could lead to unauthorized data access or manipulation, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict controls over access to sensitive data and system integrity.

However, the provided information does not explicitly discuss the direct impact on compliance with these regulations or any specific compliance requirements.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows a privileged local attacker to gain root access on the affected line cards running Junos OS Evolved. With root access, the attacker can fully control the router, potentially leading to unauthorized changes, data breaches, disruption of network services, and persistent compromise of the network infrastructure.

Because the attacker can execute scripts as root during the boot-up process, the compromise can be persistent and difficult to detect or remove without applying the appropriate security patches.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves a privileged local attacker gaining root access on Linux-based line cards running Junos OS Evolved by exploiting missing authentication in command processing.

Detection would primarily involve verifying the Junos OS version running on affected line cards and checking for unauthorized root access or suspicious script executions during FPC boot-up.

Specifically, you can check the Junos OS version on your line cards to see if it falls within the vulnerable versions before applying patches.

• Use the command `show version` on the device to identify the Junos OS version.
• Check for unexpected root shell sessions or processes on the line cards by accessing the Linux shell on the affected FPCs.
• Review boot-up scripts or logs on the FPC for unauthorized script executions that could indicate exploitation.

Since the vulnerability requires local privileged access, monitoring for unusual local user activity or privilege escalations on the line cards is also recommended.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to apply the security patches provided by Juniper in the fixed Junos OS releases.

• Upgrade affected Junos OS versions to one of the fixed releases: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, or any later versions.
• Restrict local privileged access to line cards to trusted administrators only.
• Monitor and audit local user activities on line cards to detect any unauthorized attempts to escalate privileges.

Applying patches is critical because the vulnerability allows privilege escalation to root without requiring the root password, which can lead to full control over the router.

Useful 0 Not Useful 0