CVE-2024-39537 Information

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated network-based attacker to cause a limited information disclosure and availability impact to the device.

Due to a wrong initialization specific processes which should only be able to communicate internally within the device can be reached over the network via open ports.

This issue affects Junos OS Evolved on ACX 7000 Series:

All versions before 21.4R3-S7-EVO
22.2-EVO 

versions

before 22.2R3-S4-EVO 22.3-EVO versions before 22.3R3-S3-EVO 22.4-EVO versions before 22.4R3-S2-EVO 23.2-EVO versions before 23.2R2-EVO 23.4-EVO versions before 23.4R1-S1-EVO 23.4R2-EVO.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Reference

https://supportportal.juniper.net/JSA82997

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

LOW

Base Severity

6.5