{"{\"title\":\"Unintended and Unexpected Behavior Allowing Bypass of Compensating Controls\",\"product\":\"Junos OS Evolved\"}","{\"title\":\"Incorrect Comparison Vulnerability in Local Address Verification API\",\"product\":\"Junos OS Evolved\"}"}
CVE-2024-39534

5.4MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 October 2024

Summary

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.

This issue affects Junos OS Evolved:

All versions before 21.4R3-S8-EVO,
22.2-EVO before 22.2R3-S4-EVO,
22.3-EVO before 22.3R3-S4-EVO,
22.4-EVO before 22.4R3-S3-EVO,
23.2-EVO before 23.2R2-S1-EVO,
23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

Affected Version(s)

Junos OS Evolved 0 < 21.4R3-S8-EVO

Junos OS Evolved 22.2-EVO < 22.2R3-S4-EVO

Junos OS Evolved 22.3-EVO < 22.3R3-S4-EVO

References

https://supportportal.juniper.net/JSA88105

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Jun 25, 2024

Collectors

NVD DatabaseMitre Database