CVE-2024-39534: Incorrect Comparison in Juniper Networks Junos OS Evolved

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 87.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 11

Description

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions befor

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 juniper_networks/junos_os_evolved 22.2-EVO 22.2R3-S4-EVO +5

🔴 Vulnerability Details (2)

CVEList: Junos OS Evolved: Connections to the network and broadcast address accepted (2024-10-11)
GHSA: GHSA-mjfx-92v4-6mf3: An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adj (2024-10-11)

📋 Vendor Advisories (1)

Juniper: CVE-2024-39534: An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adj (2024-10-11)