CVE-2024-39533 — MEDIUM (5.8)

Q: How severe is CVE-2024-39533?

CVE-2024-39533 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39533?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4600, Juniper Ex4650, Juniper Qfx5110, Juniper Qfx5120.

Vulnerability Description

An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions ip-source-address ip-destination-address arp-type which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect. This issue affects Junos OS on QFX5000 Series and EX4600 Series: * All version before 21.2R3-S7, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 21.2
Juniper	Ex4600	-
Juniper	Ex4650	-
Juniper	Qfx5110	-
Juniper	Qfx5120	-
Juniper	Qfx5130	-
Juniper	Qfx5200	-
Juniper	Qfx5210	-
Juniper	Qfx5220	-
Juniper	Qfx5230-64Cd	-
Juniper	Qfx5240	-
Juniper	Qfx5241	-
Juniper	Qfx5700	-

Related Weaknesses (CWE)

CWE-447

References

https://supportportal.juniper.net/JSA82993Vendor Advisory
https://supportportal.juniper.net/JSA82993Vendor Advisory

FAQ

What is CVE-2024-39533?

CVE-2024-39533 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor inte...

How severe is CVE-2024-39533?

CVE-2024-39533 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39533?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4600, Juniper Ex4650, Juniper Qfx5110, Juniper Qfx5120.