CVE-2024-39537

EPSS 0.08%
Published 11.07.2024 17:15:11
Last modified 21.11.2024 09:27:57
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.



Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports.




This issue affects Junos OS Evolved on ACX 7000 Series:



  *  All versions before 21.4R3-S7-EVO,
  *  22.2-EVO 

versions 

before 22.2R3-S4-EVO,
  *  22.3-EVO versions before 22.3R3-S3-EVO,
  *  22.4-EVO versions before 22.4R3-S2-EVO,
  *  23.2-EVO versions before 23.2R2-EVO,
  *  23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorjuniper

≫

Product junos_os_evolved

Default Statusunknown

Version < 22.2r3-s4

Version 22.2

Status affected

Version < 22.3r3-s3

Version 22.3

Status affected

Version < 22.4r3-s2

Version 22.4

Status affected

Version < 23.2r2

Version 23.2

Status affected

Version < 23.4r1-s1

Version 23.4

Status affected

Version < 23.4r2

Version 23.4

Status affected

Vendorjuniper

≫

Product junos_os_evolved

Default Statusunaffected

Version < 21.4r3-s7

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.241

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

https://supportportal.juniper.net/JSA82997

https://nvd.nist.gov/vuln/detail/CVE-2024-39537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39537

EUVD