CVE-2024-39535 — MEDIUM (6.5)

Vulnerability Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand processes crashes which causes a service outage for the respective FPC until the system is recovered manually. This issue only affects Junos OS Evolved 22.4R2-S1 and 22.4R2-S2 releases and is fixed in 22.4R3. No other releases are affected.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos Os Evolved	22.4
Juniper	Acx7020	-
Juniper	Acx7024	-
Juniper	Acx7024X	-
Juniper	Acx7100	-
Juniper	Acx7300	-
Juniper	Acx7509	-

Related Weaknesses (CWE)

CWE-754

References

https://supportportal.juniper.net/JSA82995Vendor Advisory
https://supportportal.juniper.net/JSA82995Vendor Advisory

FAQ

What is CVE-2024-39535?

CVE-2024-39535 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent ...

How severe is CVE-2024-39535?

CVE-2024-39535 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39535?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Acx7020, Juniper Acx7024, Juniper Acx7024X, Juniper Acx7100.