cvelistv5 - cve-2024-39534

CVE-2024-39534 (GCVE-0-2024-39534)

Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-11 19:00

Summary

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S1-EVO, * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.3 (Medium)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-697 - Incorrect Comparison

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA88105

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS Evolved	Affected: 0 , < 21.4R3-S8-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S4-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S4-EVO (semver) Affected: 22.4-EVO , < 22.4R3-S3-EVO (semver) Affected: 23.2-EVO , < 23.2R2-S1-EVO (semver) Affected: 23.4-EVO , < 23.4R1-S2-EVO, 23.4R2-EVO (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39534",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T19:00:46.135385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T19:00:54.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S4-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S1-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An\u0026nbsp;Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO before 22.2R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4-EVO before 22.4R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2-EVO before 23.2R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\u00a0\n  *  22.2-EVO before 22.2R3-S4-EVO,\u00a0\n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0\n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0\n  *  23.2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-697",
              "description": "CWE-697 Incorrect Comparison",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T15:18:08.326Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA88105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e*Future release"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\n\n*Future release"
        }
      ],
      "source": {
        "advisory": "JSA88105",
        "defect": [
          "1798629"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: Connections to the network and broadcast address accepted",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts.\u003cbr\u003e"
            }
          ],
          "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39534",
    "datePublished": "2024-10-11T15:18:08.326Z",
    "dateReserved": "2024-06-25T15:12:53.241Z",
    "dateUpdated": "2024-10-11T19:00:54.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An\\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\\n\\nThis issue affects Junos OS Evolved:\\u00a0\\n\\n\\n\\n  *  All versions before 21.4R3-S8-EVO,\\u00a0\\n  *  22.2-EVO before 22.2R3-S4-EVO,\\u00a0\\n  *  22.3-EVO before 22.3R3-S4-EVO,\\u00a0\\n  *  22.4-EVO before 22.4R3-S3-EVO,\\u00a0\\n  *  23.2-EVO before 23.2R2-S1-EVO,\\u00a0\\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de comparaci\\u00f3n incorrecta en la API de verificaci\\u00f3n de direcci\\u00f3n local de Juniper Networks Junos OS Evolved permite que un atacante no autenticado adyacente a la red cree sesiones o env\\u00ede tr\\u00e1fico al dispositivo utilizando la direcci\\u00f3n de red y de difusi\\u00f3n de la subred asignada a una interfaz. Este es un comportamiento no deseado e inesperado y puede permitir que un atacante eluda ciertos controles de compensaci\\u00f3n, como filtros de firewall sin estado. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S4-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S1-EVO, * 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO.\"}]",
      "id": "CVE-2024-39534",
      "lastModified": "2024-10-15T12:58:51.050",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}]}",
      "published": "2024-10-11T16:15:06.970",
      "references": "[{\"url\": \"https://supportportal.juniper.net/JSA88105\", \"source\": \"sirt@juniper.net\"}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-697\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39534\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-10-11T16:15:06.970\",\"lastModified\":\"2024-10-15T12:58:51.050\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\\n\\nThis issue affects Junos OS Evolved:\u00a0\\n\\n\\n\\n  *  All versions before 21.4R3-S8-EVO,\u00a0\\n  *  22.2-EVO before 22.2R3-S4-EVO,\u00a0\\n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0\\n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0\\n  *  23.2-EVO before 23.2R2-S1-EVO,\u00a0\\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de comparaci\u00f3n incorrecta en la API de verificaci\u00f3n de direcci\u00f3n local de Juniper Networks Junos OS Evolved permite que un atacante no autenticado adyacente a la red cree sesiones o env\u00ede tr\u00e1fico al dispositivo utilizando la direcci\u00f3n de red y de difusi\u00f3n de la subred asignada a una interfaz. Este es un comportamiento no deseado e inesperado y puede permitir que un atacante eluda ciertos controles de compensaci\u00f3n, como filtros de firewall sin estado. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S4-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S1-EVO, * 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA88105\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39534\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T19:00:46.135385Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T19:00:50.386Z\"}}], \"cna\": {\"title\": \"Junos OS Evolved: Connections to the network and broadcast address accepted\", \"source\": {\"defect\": [\"1798629\"], \"advisory\": \"JSA88105\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.4R3-S8-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2-EVO\", \"lessThan\": \"22.2R3-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3-EVO\", \"lessThan\": \"22.3R3-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4-EVO\", \"lessThan\": \"22.4R3-S3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2-EVO\", \"lessThan\": \"23.2R2-S1-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4-EVO\", \"lessThan\": \"23.4R1-S2-EVO, 23.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\\n\\n*Future release\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e*Future release\", \"base64\": false}]}], \"datePublic\": \"2024-10-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA88105\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Use access lists or firewall filters to limit access to the device only from trusted hosts.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use access lists or firewall filters to limit access to the device only from trusted hosts.\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An\\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\\n\\nThis issue affects Junos OS Evolved:\\u00a0\\n\\n\\n\\n  *  All versions before 21.4R3-S8-EVO,\\u00a0\\n  *  22.2-EVO before 22.2R3-S4-EVO,\\u00a0\\n  *  22.3-EVO before 22.3R3-S4-EVO,\\u00a0\\n  *  22.4-EVO before 22.4R3-S3-EVO,\\u00a0\\n  *  23.2-EVO before 23.2R2-S1-EVO,\\u00a0\\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An\u0026nbsp;Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO before 22.2R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4-EVO before 22.4R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2-EVO before 23.2R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-697\", \"description\": \"CWE-697 Incorrect Comparison\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-10-11T15:18:08.326Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39534\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-11T19:00:54.386Z\", \"dateReserved\": \"2024-06-25T15:12:53.241Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-10-11T15:18:08.326Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-MJFX-92V4-6MF3

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32

Details

This issue affects Junos OS Evolved:

All versions before 21.4R3-S8-EVO,
22.2-EVO before 22.2R3-S4-EVO,
22.3-EVO before 22.3R3-S4-EVO,
22.4-EVO before 22.4R3-S3-EVO,
23.2-EVO before 23.2R2-S1-EVO,
23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.3 (Medium)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-39534"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-697"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:06Z",
    "severity": "MODERATE"
  },
  "details": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\u00a0\n  *  22.2-EVO before 22.2R3-S4-EVO,\u00a0\n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0\n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0\n  *  23.2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.",
  "id": "GHSA-mjfx-92v4-6mf3",
  "modified": "2024-10-11T18:32:49Z",
  "published": "2024-10-11T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39534"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA88105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2024-AVI-0866

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions suivantes de Junos OS et Junos OS Evolved sont à paraître : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO
Juniper Networks	N/A	Junos Space 24.1R1 sans le correctif de sécurité Patch V1 et V2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA88112	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88121	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88104	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88107	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88105	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88134	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88123	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88128	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88106	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88136	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88110	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88122	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88124	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88111	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88108	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88100	2024-10-16	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88131	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88099	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88135	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88102	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88116	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88097	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88133	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88137	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88119	2024-10-15	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88103	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88138	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88129	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88115	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88120	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88132	2024-10-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space 24.1R1 sans le correctif de s\u00e9curit\u00e9 Patch V1 et V2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les versions suivantes de Junos OS et Junos OS Evolved sont \u00e0 para\u00eetre : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2016-1247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1247"
    },
    {
      "name": "CVE-2024-47501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47501"
    },
    {
      "name": "CVE-2024-47496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47496"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2024-47493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47493"
    },
    {
      "name": "CVE-2024-39515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39515"
    },
    {
      "name": "CVE-2021-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2023-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-39525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39525"
    },
    {
      "name": "CVE-2024-47498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47498"
    },
    {
      "name": "CVE-2016-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2017-20005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-20005"
    },
    {
      "name": "CVE-2024-39544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39544"
    },
    {
      "name": "CVE-2016-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
    },
    {
      "name": "CVE-2023-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
    },
    {
      "name": "CVE-2024-47489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47489"
    },
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2024-47494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47494"
    },
    {
      "name": "CVE-2024-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39534"
    },
    {
      "name": "CVE-2024-47499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47499"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2024-39526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39526"
    },
    {
      "name": "CVE-2024-39547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39547"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2024-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47495"
    },
    {
      "name": "CVE-2019-20372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
    },
    {
      "name": "CVE-2016-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2024-47490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47490"
    },
    {
      "name": "CVE-2018-16845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
    },
    {
      "name": "CVE-2024-47491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47491"
    },
    {
      "name": "CVE-2017-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
    },
    {
      "name": "CVE-2024-39527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39527"
    },
    {
      "name": "CVE-2024-39563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39563"
    },
    {
      "name": "CVE-2024-47502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47502"
    },
    {
      "name": "CVE-2024-39516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39516"
    },
    {
      "name": "CVE-2024-47503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47503"
    },
    {
      "name": "CVE-2023-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
    },
    {
      "name": "CVE-2024-47506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47506"
    },
    {
      "name": "CVE-2023-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2016-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
    },
    {
      "name": "CVE-2024-47504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47504"
    },
    {
      "name": "CVE-2023-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-47507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47507"
    },
    {
      "name": "CVE-2024-47497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47497"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0866",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88112",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88121",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88104",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88107",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88105",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88134",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88123",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88128",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88106",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88136",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88110",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88122",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88124",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88111",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88108",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88100",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88131",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88099",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88135",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88102",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88116",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88097",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88133",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88137",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88119",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88103",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88138",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88129",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88115",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88120",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88132",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502"
    }
  ]
}

CERTFR-2024-AVI-0866

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions suivantes de Junos OS et Junos OS Evolved sont à paraître : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO
Juniper Networks	N/A	Junos Space 24.1R1 sans le correctif de sécurité Patch V1 et V2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA88112	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88121	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88104	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88107	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88105	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88134	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88123	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88128	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88106	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88136	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88110	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88122	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88124	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88111	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88108	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88100	2024-10-16	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88131	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88099	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88135	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88102	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88116	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88097	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88133	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88137	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88119	2024-10-15	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88103	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88138	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88129	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88115	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88120	2024-10-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA88132	2024-10-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space 24.1R1 sans le correctif de s\u00e9curit\u00e9 Patch V1 et V2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les versions suivantes de Junos OS et Junos OS Evolved sont \u00e0 para\u00eetre : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2016-1247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1247"
    },
    {
      "name": "CVE-2024-47501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47501"
    },
    {
      "name": "CVE-2024-47496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47496"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2024-47493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47493"
    },
    {
      "name": "CVE-2024-39515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39515"
    },
    {
      "name": "CVE-2021-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2023-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-39525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39525"
    },
    {
      "name": "CVE-2024-47498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47498"
    },
    {
      "name": "CVE-2016-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2017-20005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-20005"
    },
    {
      "name": "CVE-2024-39544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39544"
    },
    {
      "name": "CVE-2016-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
    },
    {
      "name": "CVE-2023-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
    },
    {
      "name": "CVE-2024-47489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47489"
    },
    {
      "name": "CVE-2022-41741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
    },
    {
      "name": "CVE-2024-47494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47494"
    },
    {
      "name": "CVE-2024-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39534"
    },
    {
      "name": "CVE-2024-47499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47499"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2024-39526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39526"
    },
    {
      "name": "CVE-2024-39547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39547"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2024-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47495"
    },
    {
      "name": "CVE-2019-20372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
    },
    {
      "name": "CVE-2016-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2024-47490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47490"
    },
    {
      "name": "CVE-2018-16845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
    },
    {
      "name": "CVE-2024-47491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47491"
    },
    {
      "name": "CVE-2017-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
    },
    {
      "name": "CVE-2024-39527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39527"
    },
    {
      "name": "CVE-2024-39563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39563"
    },
    {
      "name": "CVE-2024-47502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47502"
    },
    {
      "name": "CVE-2024-39516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39516"
    },
    {
      "name": "CVE-2024-47503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47503"
    },
    {
      "name": "CVE-2023-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
    },
    {
      "name": "CVE-2024-47506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47506"
    },
    {
      "name": "CVE-2023-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2016-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
    },
    {
      "name": "CVE-2024-47504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47504"
    },
    {
      "name": "CVE-2023-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-47507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47507"
    },
    {
      "name": "CVE-2024-47497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47497"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0866",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88112",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88121",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88104",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88107",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88105",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88134",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88123",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88128",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88106",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88136",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88110",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88122",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88124",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88111",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88108",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88100",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88131",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88099",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88135",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88102",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88116",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88097",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88133",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88137",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88119",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88103",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88138",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88129",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88115",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88120",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88132",
      "url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502"
    }
  ]
}

FKIE_CVE-2024-39534

Vulnerability from fkie_nvd - Published: 2024-10-11 16:15 - Updated: 2024-10-15 12:58

Severity ?

5.4 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA88105

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\u00a0\n  *  22.2-EVO before 22.2R3-S4-EVO,\u00a0\n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0\n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0\n  *  23.2-EVO before 23.2R2-S1-EVO,\u00a0\n  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de comparaci\u00f3n incorrecta en la API de verificaci\u00f3n de direcci\u00f3n local de Juniper Networks Junos OS Evolved permite que un atacante no autenticado adyacente a la red cree sesiones o env\u00ede tr\u00e1fico al dispositivo utilizando la direcci\u00f3n de red y de difusi\u00f3n de la subred asignada a una interfaz. Este es un comportamiento no deseado e inesperado y puede permitir que un atacante eluda ciertos controles de compensaci\u00f3n, como filtros de firewall sin estado. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S4-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S1-EVO, * 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO."
    }
  ],
  "id": "CVE-2024-39534",
  "lastModified": "2024-10-15T12:58:51.050",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-11T16:15:06.970",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA88105"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-697"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-3140

Vulnerability from csaf_certbund - Published: 2024-10-09 22:00 - Updated: 2025-01-08 23:00

Summary

Juniper JUNOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um Denial-of-Service-Zustände herbeizuführen, Informationen preiszugeben, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen.

Betroffene Betriebssysteme

- UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen preiszugeben, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3140 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3140.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3140 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3140"
      },
      {
        "category": "external",
        "summary": "Juniper Patchday October 2024 vom 2024-10-09",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending\u0026numberOfResults=50\u0026f:ctype=%5BSecurity%20Advisories%5D"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
        "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-08T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-09T09:13:11.618+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3140",
      "initial_release_date": "2024-10-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Juniper Link angepasst"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Juniper aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "T038242",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R2",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R2",
                  "product_id": "T040074"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R2",
                "product": {
                  "name": "Juniper Junos Space 24.1R2",
                  "product_id": "T040074-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38240",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2023-38240"
    },
    {
      "cve": "CVE-2023-51385",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2023-51385"
    },
    {
      "cve": "CVE-2024-39515",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39515"
    },
    {
      "cve": "CVE-2024-39516",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39516"
    },
    {
      "cve": "CVE-2024-39525",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39525"
    },
    {
      "cve": "CVE-2024-39526",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39526"
    },
    {
      "cve": "CVE-2024-39527",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39527"
    },
    {
      "cve": "CVE-2024-39534",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39534"
    },
    {
      "cve": "CVE-2024-39544",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39544"
    },
    {
      "cve": "CVE-2024-39547",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39547"
    },
    {
      "cve": "CVE-2024-39563",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-39563"
    },
    {
      "cve": "CVE-2024-47489",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47489"
    },
    {
      "cve": "CVE-2024-47490",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47490"
    },
    {
      "cve": "CVE-2024-47491",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47491"
    },
    {
      "cve": "CVE-2024-47493",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47493"
    },
    {
      "cve": "CVE-2024-47494",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47494"
    },
    {
      "cve": "CVE-2024-47495",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47495"
    },
    {
      "cve": "CVE-2024-47496",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47496"
    },
    {
      "cve": "CVE-2024-47497",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47497"
    },
    {
      "cve": "CVE-2024-47498",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47498"
    },
    {
      "cve": "CVE-2024-47499",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47499"
    },
    {
      "cve": "CVE-2024-47501",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47501"
    },
    {
      "cve": "CVE-2024-47502",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47502"
    },
    {
      "cve": "CVE-2024-47503",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47503"
    },
    {
      "cve": "CVE-2024-47504",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47504"
    },
    {
      "cve": "CVE-2024-47506",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47506"
    },
    {
      "cve": "CVE-2024-47507",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in verschiedenen Produkten von Juniper. Diese werden durch verschiedene sicherheitsrelevante Probleme verursacht, darunter unzureichende Eingabevalidierung, unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Speicherung von Klartextdaten, Race Conditions und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen es Angreifern, Denial-of-Service-Zust\u00e4nde herbeizuf\u00fchren, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen zu umgehen, einschlie\u00dflich der Autorisierung, was zu einer vollst\u00e4ndigen Kontrolle \u00fcber das Ger\u00e4t f\u00fchrt. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Anmeldung oder Benutzerinteraktion, erh\u00f6hte Berechtigungen oder spezielle Bedingungen, die vor der Ausnutzung erf\u00fcllt sein m\u00fcssen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040074",
          "T038242"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47507"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-39534 (GCVE-0-2024-39534)

GHSA-MJFX-92V4-6MF3

CERTFR-2024-AVI-0866

Solutions

CERTFR-2024-AVI-0866

Solutions

FKIE_CVE-2024-39534

WID-SEC-W-2024-3140

Tags

Sightings

Nomenclature