Juniper Networks Junos OS Evolved vulnerabilities

244 known vulnerabilities affecting juniper_networks/junos_os_evolved.

Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96

Vulnerabilities

Page 5 of 13
CVE-2024-39535 | HIGH | CVSS 7.1 | ≥ 22.4R2-S1-EVO, < 22.4R3-EVO | 2024-07-11
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is recei
Sources: cvelistv5, nvd
CVE-2024-39523 | HIGH | CVSS 8.5 | fixed in 20.4R3-S7-EVO; ≥ 21.2-EVO, < 21.2R3-S8-EVO; +5 more | 2024-07-11
CWE-78: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which exe
Sources: cvelistv5, nvd
CVE-2024-39552 | HIGH | CVSS 8.7 | fixed in 21.2R3-S7-EVO; ≥ 21.3-EVO, < 21.3R3-S5-EVO; +7 more | 2024-07-11
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD
Sources: cvelistv5, nvd
CVE-2024-39520 | HIGH | CVSS 8.5 | fixed in 20.4R3-S6-EVO; ≥ 21.2-EVO, < 21.2R3-S4-EVO; +3 more | 2024-07-11
CWE-78: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which exe
Sources: cvelistv5, nvd
CVE-2024-39519 | HIGH | CVSS 7.1 | v22.1-EVO; v22.2-EVO; +2 more | 2024-07-11
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge de
Sources: cvelistv5, nvd
CVE-2024-39524 | HIGH | CVSS 8.5 | fixed in 20.4R3-S7-EVO; ≥ 21.2-EVO, < 21.2R3-S8-EVO; +4 more | 2024-07-11
CWE-78: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which exe
Sources: cvelistv5, nvd
CVE-2024-39548 | HIGH | CVSS 7.1 | fixed in 21.2R3-S8-EVO; ≥ 21.3, < 21.3R3-S5-EVO; +6 more | 2024-07-11
CWE-400: An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6.
Sources: cvelistv5, nvd
CVE-2024-39532 | MEDIUM | CVSS 6.3 | fixed in 22.1R3-EVO; ≥ 22.2-EVO, < 22.2R2-S1-EVO, 22.2R3-EVO; +1 more | 2024-07-11
CWE-532: An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privile
Sources: cvelistv5, nvd
CVE-2024-39528 | MEDIUM | CVSS 6.0 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S5-EVO; +4 more | 2024-07-11
CWE-416: A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received
Sources: cvelistv5, nvd
CVE-2024-39536 | MEDIUM | CVSS 6.0 | ≥ 21.2-EVO, < 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +4 more | 2024-07-11
CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens
Sources: cvelistv5, nvd
CVE-2024-39537 | MEDIUM | CVSS 6.9 | fixed in 21.4R3-S7-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +4 more | 2024-07-11
CWE-923: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able t
Sources: cvelistv5, nvd
CVE-2024-39553 | MEDIUM | CVSS 6.9 | ≥ 21.4-EVO, < 21.4R3-S7-EVO; ≥ 22.2-EVO, < 22.2R3-S3-EVO; +3 more | 2024-07-11
CWE-668: An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device,
Sources: cvelistv5, nvd
CVE-2024-39559 | HIGH | CVSS 8.2 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S6-EVO; +4 more | 2024-07-10
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, r
Sources: cvelistv5, nvd
CVE-2024-39557 | HIGH | CVSS 7.1 | fixed in 21.4R3-S8-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +3 more | 2024-07-10
CWE-400: An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of m
Sources: cvelistv5, nvd
CVE-2024-39558 | HIGH | CVSS 7.1 | fixed in 20.4R3-S10-EVO; ≥ 21.2R1-EVO, < 21.2*-EVO; +5 more | 2024-07-10
CWE-252: An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Re
Sources: cvelistv5, nvd
CVE-2024-39562 | HIGH | CVSS 8.7 | fixed in 21.4R3-S7-EVO; ≥ 22.3-EVO, < 22.3R2-S2-EVO, 22.3R3-S2-EVO; +2 more | 2024-07-10
CWE-772: A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will
Sources: cvelistv5, nvd
CVE-2024-39517 | HIGH | CVSS 7.1 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +6 more | 2024-07-10
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount of specific Layer 2 packets are processed by the device, it can
Sources: cvelistv5, nvd
CVE-2024-39555 | HIGH | CVSS 8.7 | fixed in 21.4R3-S8-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +4 more | 2024-07-10
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update mess
Sources: cvelistv5, nvd
CVE-2024-39554 | HIGH | CVSS 8.2 | ≥ 21.1-EVO, < 21.1*-EVO; ≥ 21.2-EVO, < 21.2*-EVO; +6 more | 2024-07-10
CWE-362: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash an
Sources: cvelistv5, nvd
CVE-2024-39512 | HIGH | CVSS 7.0 | ≥ 23.2R2-EVO, < 23.2R2-S1-EVO; ≥ 23.4R1-EVO, < 23.4R2-EVO | 2024-07-10
CWE-1263: An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to
Sources: cvelistv5, nvd