CVE-2024-39535 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS Evolved

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 64.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedJul 11

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand processes crashes which causes a service outage for the respective FPC until the system is recovered manually. This issue onl…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved22.4R2-S1-EVO — 22.4R3-EVO

▶NVDjuniper/junos_os_evolved22.4

🔴Vulnerability Details

GHSA

GHSA-j93h-6wmf-9mh5: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on AC↗2024-07-11

▶

CVEList

Junos OS Evolved: ACX 7000 Series: When specific traffic is received in a VPLS scenario evo-pfemand crashes↗2024-07-11

▶

📋Vendor Advisories

Juniper

CVE-2024-39535: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on AC↗2024-07-11

▶