CVE-2024-39534

MEDIUM

Juniper Networks Junos OS Evolved - Info Disclosure

Title source: llm

Description

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S1-EVO, * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

References (1)

[Vendor Advisory] https://supportportal.juniper.net/JSA88105

Scores

CVSS v3 5.4

EPSS 0.0004

EPSS Percentile 12.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-697

Status published

Products (5)

juniper/junos_os_evolved 21.4 (15 CPE variants)

juniper/junos_os_evolved 22.2 (11 CPE variants)

juniper/junos_os_evolved 22.3 (11 CPE variants)

juniper/junos_os_evolved 22.4 (10 CPE variants)

juniper/junos_os_evolved 23.2 (3 CPE variants)

Published Oct 11, 2024

Tracked Since Feb 18, 2026