Lucene search

JuniperCVE-2024-39519

HistoryJul 11, 2024 - 4:15 p.m.

CVE-2024-39519

2024-07-1116:15:02

CWE-754

juniper

web.nvd.nist.gov

juniper networks

packet forwarding engine

dos

acx7000 series

irbs

ipv4

ipv6

multicast packets

security vulnerability

junos os evolved versions

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

EPSS

Percentile

13.0%

JSON

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a

Denial-of-Service (DoS).

On all ACX 7000 Series platforms running

Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.

This issue affects Junos OS Evolved:

All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,

This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.

Affected configurations

Nvd

Node

juniperjunos_os_evolvedRange22.2–22.4

juniperjunos_os_evolvedMatch22.4-

juniperjunos_os_evolvedMatch22.4r1

juniperjunos_os_evolvedMatch22.4r1-s1

juniperjunos_os_evolvedMatch22.4r1-s2

AND

juniperacx7024Match-

juniperacx7024xMatch-

juniperacx7100-32cMatch-

juniperacx7100-48lMatch-

juniperacx7332Match-

juniperacx7348Match-

juniperacx7509Match-

VendorProductVersionCPE
juniperjunos_os_evolved*cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
juniperjunos_os_evolved22.4cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
juniperjunos_os_evolved22.4cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*
juniperjunos_os_evolved22.4cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*
juniperjunos_os_evolved22.4cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*
juniperacx7024-cpe:2.3:h:juniper:acx7024:-:*:*:*:*:*:*:*
juniperacx7024x-cpe:2.3:h:juniper:acx7024x:-:*:*:*:*:*:*:*
juniperacx7100-32c-cpe:2.3:h:juniper:acx7100-32c:-:*:*:*:*:*:*:*
juniperacx7100-48l-cpe:2.3:h:juniper:acx7100-48l:-:*:*:*:*:*:*:*
juniperacx7332-cpe:2.3:h:juniper:acx7332:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos_os_evolved	*	cpe:2.3:o:juniper:junos_os_evolved::::::::
juniper	junos_os_evolved	22.4	cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
juniper	junos_os_evolved	22.4	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
juniper	junos_os_evolved	22.4	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
juniper	junos_os_evolved	22.4	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
juniper	acx7024	-	cpe:2.3:h:juniper:acx7024:-:::::::*
juniper	acx7024x	-	cpe:2.3:h:juniper:acx7024x:-:::::::*
juniper	acx7100-32c	-	cpe:2.3:h:juniper:acx7100-32c:-:::::::*
juniper	acx7100-48l	-	cpe:2.3:h:juniper:acx7100-48l:-:::::::*
juniper	acx7332	-	cpe:2.3:h:juniper:acx7332:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "ACX7000 Series"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R1-EVO",
        "status": "unaffected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "custom"
      },
      {
        "lessThan": "22.4R2-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA82983

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

EPSS

Percentile

13.0%

JSON

Related for CVE-2024-39519