CVE-2024-39534

11.10.2024, 16:15

AnIncorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.

This issue affects Junos OS Evolved:



  *  All versions before 21.4R3-S8-EVO,
  *  22.2-EVO before 22.2R3-S4-EVO,
  *  22.3-EVO before 22.3R3-S4-EVO,
  *  22.4-EVO before 22.4R3-S3-EVO,
  *  23.2-EVO before 23.2R2-S1-EVO,
  *  23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
juniper	CNA	5.4 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Common Weakness Enumeration

CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

https://supportportal.juniper.net/JSA88105