{"vulnerability": "CVE-2024-3953", "sightings": [{"uuid": "91613c2c-b6f9-4935-9fc1-83c1f926fc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39532", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39532\n\ud83d\udd39 Description: An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 21.2R3-S9;\n * \n\n21.4 versions before 21.4R3-S9;\n\n * 22.2 versions before 22.2R2-S1, 22.2R3;\n * 22.3 versions before 22.3R1-S1, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO;\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.\n\ud83d\udccf Published: 2024-07-11T16:06:40.305Z\n\ud83d\udccf Modified: 2025-01-07T20:25:28.188Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA82992", "creation_timestamp": "2025-01-07T20:37:48.000000Z"}, {"uuid": "6f9cdcd6-5ed4-4b19-b3c6-ede28504d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39533", "type": "seen", "source": "https://t.me/cvedetector/694", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39533 - An Unimplemented or Unsupported Feature in the UI\", \n \"Content\": \"CVE ID : CVE-2024-39533 \nPublished : July 11, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions \n \nip-source-address \nip-destination-address \narp-type \n \nwhich are not supported for this type of filter, are used in an ethernet switching filter,\u00a0and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect. \n \n \n \n \nThis issue affects Junos OS on QFX5000 Series and EX4600 Series: \n \n * All version before 21.2R3-S7,\u00a0 \n * 21.4 versions before 21.4R3-S6, \n * 22.1 versions before 22.1R3-S5, \n * 22.2 versions before 22.2R3-S3, \n * 22.3 versions before 22.3R3-S2,\u00a0 \n * 22.4 versions before 22.4R3, \n * 23.2 versions before 23.2R2. \n \n \n \nPlease note that the implemented fix ensures these unsupported match conditions cannot be committed anymore. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T20:00:12.000000Z"}, {"uuid": "767b9276-2765-49fc-97d9-c23255df572d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39536", "type": "seen", "source": "https://t.me/cvedetector/693", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39536 - A Missing Release of Memory after Effective Lifeti\", \n \"Content\": \"CVE ID : CVE-2024-39536 \nPublished : July 11, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n \nDenial-of-Service (DoS). \n \n \nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. \n \n \n \nWhether the leak occurs can be monitored with the following CLI command: \n \n> show ppm request-queue \n \n \nFPC \u00a0 \u00a0 Pending-request \nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02 \nrequest-total-pending: 2 \n \n \nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0 \n \n \n \n \nThis issue affects: \n \nJunos OS: \n \n \n * All versions before 21.2R3-S8, \n * 21.4 versions before 21.4R3-S7, \n * 22.1 versions before 22.1R3-S4, \n * 22.2 versions before 22.2R3-S4,\u00a0 \n * 22.3 versions before 22.3R3, \n * 22.4 versions before 22.4R2-S2, 22.4R3, \n * 23.1 versions before 23.1R2. \n \n \n \nJunos OS Evolved: \n * All versions before 21.2R3-S8-EVO, \n * 21.4-EVO versions before 21.4R3-S7-EVO, \n * 22.2-EVO versions before 22.2R3-S4-EVO, \n * 22.3-EVO versions before 22.3R3-EVO, \n * 22.4-EVO versions before 22.4R3-EVO, \n * 23.2-EVO versions before 23.2R1-EVO. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T20:00:11.000000Z"}, {"uuid": "4fe84d7b-c8f5-424b-ad5a-09059b47c91a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39537", "type": "seen", "source": "https://t.me/cvedetector/692", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39537 - An Improper Restriction of Communication Channel t\", \n \"Content\": \"CVE ID : CVE-2024-39537 \nPublished : July 11, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. \n \n \n \nDue to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. \n \n \n \n \nThis issue affects\u00a0Junos OS Evolved on ACX 7000 Series: \n \n \n \n * All versions before 21.4R3-S7-EVO, \n * 22.2-EVO \n \nversions \n \nbefore 22.2R3-S4-EVO, \n * 22.3-EVO versions before 22.3R3-S3-EVO, \n * 22.4-EVO versions before 22.4R3-S2-EVO, \n * 23.2-EVO versions before 23.2R2-EVO, \n * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T20:00:10.000000Z"}, {"uuid": "333b6902-25e0-4c16-b685-694f51881ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39538", "type": "seen", "source": "https://t.me/cvedetector/691", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39538 - A Buffer Copy without Checking Size of Input vulne\", \n \"Content\": \"CVE ID : CVE-2024-39538 \nPublished : July 11, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a\u00a0 \n \nDenial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. \n \n \nThis issue affects Junos OS Evolved on ACX7000 Series: \n \n \n * All versions before 21.2R3-S8-EVO, \n * 21.4-EVO versions before 21.4R3-S7-EVO, \n * 22.2-EVO versions before 22.2R3-S4-EVO, \n * 22.3-EVO versions before 22.3R3-S3-EVO,\u00a0 \n * 22.4-EVO versions before 22.4R3-S2-EVO,\u00a0 \n * 23.2-EVO versions before 23.2R2-EVO,\u00a0 \n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T20:00:09.000000Z"}, {"uuid": "b91bec95-36a9-4e64-8c39-5b1b38f06418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39539", "type": "seen", "source": "https://t.me/cvedetector/690", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39539 - A Missing Release of Memory after Effective Lifeti\", \n \"Content\": \"CVE ID : CVE-2024-39539 \nPublished : July 11, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS). \n \nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. \n \nThis issue affects Junos OS on MX Series: \n \n \n \n * All version before 21.2R3-S6, \n * 21.4 versions before 21.4R3-S6, \n * 22.1 versions before 22.1R3-S5, \n * 22.2 versions before 22.2R3-S3,\u00a0 \n * 22.3 versions before 22.3R3-S2, \n * 22.4 versions before 22.4R3, \n * 23.2 versions before 23.2R2. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T20:00:08.000000Z"}, {"uuid": "03c1a27f-bab0-4b31-bc26-e1e3670abdaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39530", "type": "seen", "source": "https://t.me/cvedetector/664", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39530 - An Improper Check for Unusual or Exceptional Condi\", \n \"Content\": \"CVE ID : CVE-2024-39530 \nPublished : July 11, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a \n \nDenial-of-Service (DoS). \n \nIf an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. \n \nThis issue affects Junos OS: \n \n \n \n * 21.4 versions from 21.4R3 before 21.4R3-S5, \n * 22.1 versions from 22.1R3 before 22.1R3-S4, \n * 22.2 versions from 22.2R2 before 22.2R3, \n * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, \n * 22.4 versions from 22.4R1 before 22.4R2. \n \n \nThis issue does not affect Junos OS versions earlier than 21.4. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T19:09:27.000000Z"}]}