CVE-2024-39534
Oct. 15, 2024, 12:58 p.m.
Product(s) Impacted
Juniper Networks Junos OS Evolved
- All versions before 21.4R3-S8-EVO
- 22.2-EVO before 22.2R3-S4-EVO
- 22.3-EVO before 22.3R3-S4-EVO
- 22.4-EVO before 22.4R3-S3-EVO
- 23.2-EVO before 23.2R2-S1-EVO
- 23.4-EVO before 23.4R1-S2-EVO
- 23.4R2-EVO
Description
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.
This issue affects Junos OS Evolved:
- All versions before 21.4R3-S8-EVO,
- 22.2-EVO before 22.2R3-S4-EVO,
- 22.3-EVO before 22.3R3-S4-EVO,
- 22.4-EVO before 22.4R3-S3-EVO,
- 23.2-EVO before 23.2R2-S1-EVO,
- 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
Weaknesses
CWE-697
Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
CWE ID: 697
Date
Published: Oct. 11, 2024, 4:15 p.m.
Last Modified: Oct. 15, 2024, 12:58 p.m.
Status: Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
Source
sirt@juniper.net
CVSS Data
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Base Severity: MEDIUM
CVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N