Severity
High
Analysis Summary
CVE-2024-39553 CVSS:8.2
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by an exposure of resource to wrong sphere flaw in the sampling service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39555 CVSS:7.5
Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by improper handling of exceptional conditions in the Routing Protocol Daemon (RPD). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39529 CVSS:7.5
Juniper Networks Junos OS is vulnerable to a denial of service, caused by the use of an externally-controlled format string in the Packet Forwarding Engine (PFE). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39531 CVSS:7.5
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by improper handling of values in the Packet Forwarding Engine (PFE). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39562 CVSS:7.5
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a memory leak flaw in the xinetd process. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39522 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVE-2024-39521 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVE-2024-39551 CVSS:7.5
Juniper Networks Junos OS is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the H.323 ALG (Application Layer Gateway). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39523 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-39553
- CVE-2024-39555
- CVE-2024-39529
- CVE-2024-39531
- CVE-2024-39562
- CVE-2024-39522
- CVE-2024-39521
- CVE-2024-39551
- CVE-2024-39523
Affected Vendors
Affected Products
- Juniper Networks Junos OS 21.2
- Juniper Networks Junos OS 21.3
- Juniper Networks Junos OS 21.4
- Juniper Networks Junos OS Evolved 21.3-EVO
- Juniper Networks Junos OS Evolved 21.4-EVO
- Juniper Networks Junos OS 22.1
- Juniper Networks Junos OS 22.3
- Juniper Networks Junos OS 22.2
- Juniper Networks Junos OS Evolved 22.1-EVO
- Juniper Networks Junos OS Evolved 22.2-EVO
- Juniper Networks Junos OS 22.4
- Juniper Networks Junos OS 23.2
- Juniper Networks Junos OS Evolved 22.4-EVO
- Juniper Networks Junos OS Evolved 22.3-EVO
- Juniper Networks Junos OS Evolved 23.2-EVO
- Juniper Networks Junos OS 21.2R3-S5
- Juniper Networks Junos OS 21.4R3-S4
- Juniper Networks Junos OS 22.2R3
- Juniper Networks Junos OS 22.3R2
- Juniper Networks Junos OS 22.4R1
- Juniper Networks Junos OS 23.2R1
Remediation
Refer to the Juniper Networks Security Advisory for patch, upgrade, or suggested workaround information.