{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39534", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.241Z", "datePublished": "2024-10-11T15:18:08.326Z", "dateUpdated": "2024-10-11T19:00:54.386Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S8-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S4-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R3-S4-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-S3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}, {"lessThan": "23.2R2-S1-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}, {"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver"}]}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An&nbsp;Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.<br><br><p>This issue affects Junos OS Evolved:&nbsp;</p><p></p><ul><li>All versions before 21.4R3-S8-EVO,&nbsp;</li><li>22.2-EVO before 22.2R3-S4-EVO,&nbsp;</li><li>22.3-EVO before 22.3R3-S4-EVO,&nbsp;</li><li>22.4-EVO before 22.4R3-S3-EVO,&nbsp;</li><li>23.2-EVO before 23.2R2-S1-EVO,&nbsp;</li><li>23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.</li></ul><p></p>"}], "value": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S1-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-697", "description": "CWE-697 Incorrect Comparison", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:18:08.326Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA88105"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.<br><br>*Future release"}], "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\n\n*Future release"}], "source": {"advisory": "JSA88105", "defect": ["1798629"], "discovery": "USER"}, "title": "Junos OS Evolved: Connections to the network and broadcast address accepted", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts.<br>"}], "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T19:00:46.135385Z", "id": "CVE-2024-39534", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:00:54.386Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39534", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T19:00:46.135385Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:00:50.386Z"}}], "cna": {"title": "Junos OS Evolved: Connections to the network and broadcast address accepted", "source": {"defect": ["1798629"], "advisory": "JSA88105", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-S3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R2-S1-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4-EVO", "lessThan": "23.4R1-S2-EVO, 23.4R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\n\n*Future release", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.<br><br>*Future release", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA88105", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts.", "supportingMedia": [{"type": "text/html", "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S1-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "An&nbsp;Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.<br><br><p>This issue affects Junos OS Evolved:&nbsp;</p><p></p><ul><li>All versions before 21.4R3-S8-EVO,&nbsp;</li><li>22.2-EVO before 22.2R3-S4-EVO,&nbsp;</li><li>22.3-EVO before 22.3R3-S4-EVO,&nbsp;</li><li>22.4-EVO before 22.4R3-S3-EVO,&nbsp;</li><li>23.2-EVO before 23.2R2-S1-EVO,&nbsp;</li><li>23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-697", "description": "CWE-697 Incorrect Comparison"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:18:08.326Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39534", "state": "PUBLISHED", "dateUpdated": "2024-10-11T19:00:54.386Z", "dateReserved": "2024-06-25T15:12:53.241Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-10-11T15:18:08.326Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An\u00a0Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S1-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de comparaci\u00f3n incorrecta en la API de verificaci\u00f3n de direcci\u00f3n local de Juniper Networks Junos OS Evolved permite que un atacante no autenticado adyacente a la red cree sesiones o env\u00ede tr\u00e1fico al dispositivo utilizando la direcci\u00f3n de red y de difusi\u00f3n de la subred asignada a una interfaz. Este es un comportamiento no deseado e inesperado y puede permitir que un atacante eluda ciertos controles de compensaci\u00f3n, como filtros de firewall sin estado. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S4-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S1-EVO, * 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO."}], "id": "CVE-2024-39534", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-10-11T16:15:06.970", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA88105"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}