Vulnerability Description
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Os Evolved | < 21.4 |
| Juniper | Acx7020 | - |
| Juniper | Acx7024 | - |
| Juniper | Acx7024X | - |
| Juniper | Acx7100 | - |
| Juniper | Acx7300 | - |
| Juniper | Acx7509 | - |
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA82997Vendor Advisory
- https://supportportal.juniper.net/JSA82997Vendor Advisory
FAQ
What is CVE-2024-39537?
CVE-2024-39537 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause ...
How severe is CVE-2024-39537?
CVE-2024-39537 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39537?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Acx7020, Juniper Acx7024, Juniper Acx7024X, Juniper Acx7100.