fkie_cve-2024-39537
Vulnerability from fkie_nvd
Published
2024-07-11 17:15
Modified
2024-11-21 09:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA82997
af854a3a-2127-422b-91ae-364da2661108https://supportportal.juniper.net/JSA82997
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\n\nDue to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports.\n\n\n\n\nThis issue affects\u00a0Junos OS Evolved on ACX 7000 Series:\n\n\n\n  *  All versions before 21.4R3-S7-EVO,\n  *  22.2-EVO \n\nversions \n\nbefore 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-S3-EVO,\n  *  22.4-EVO versions before 22.4R3-S2-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO,\n  *  23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoints previstos en Juniper Networks Junos OS evolucionado en la serie ACX 7000 permite que un atacante no autenticado basado en la red cause una divulgaci\u00f3n de informaci\u00f3n limitada y un impacto en la disponibilidad del dispositivo. Debido a una inicializaci\u00f3n incorrecta, a trav\u00e9s de puertos abiertos se puede acceder a trav\u00e9s de la red a procesos espec\u00edficos que s\u00f3lo deber\u00edan poder comunicarse internamente dentro del dispositivo. Este problema afecta a Junos OS Evolved en la serie ACX 7000: * Todas las versiones anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3-S3-EVO, * 22.4 -Versiones EVO anteriores a 22.4R3-S2-EVO, *versiones 23.2-EVO anteriores a 23.2R2-EVO, *versiones 23.4-EVO anteriores a 23.4R1-S1-EVO, 23.4R2-EVO."
    }
  ],
  "id": "CVE-2024-39537",
  "lastModified": "2024-11-21T09:27:57.533",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-11T17:15:11.843",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA82997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://supportportal.juniper.net/JSA82997"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-923"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.