July 15, 2024
Severity
High
Analysis Summary
CVE-2024-39553 CVSS:8.2
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by an exposure of resource to wrong sphere flaw in the sampling service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39555 CVSS:7.5
Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by improper handling of exceptional conditions in the Routing Protocol Daemon (RPD). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39529 CVSS:7.5
Juniper Networks Junos OS is vulnerable to a denial of service, caused by a use of externally-controlled format string flaw in the Packet Forwarding Engine (PFE). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39531 CVSS:7.5
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by improper handling of values in the Packet Forwarding Engine (PFE). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39562 CVSS:7.5
Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a memory leak flaw in the xinetd process. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39522 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVE-2024-39521 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVE-2024-39551 CVSS:7.5
Juniper Networks Junos OS is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the H.323 ALG (Application Layer Gateway). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39523 CVSS:7.8
Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-39553
- CVE-2024-39555
- CVE-2024-39529
- CVE-2024-39531
- CVE-2024-39562
- CVE-2024-39522
- CVE-2024-39521
- CVE-2024-39551
- CVE-2024-39523
Affected Vendors
Affected Products
- Juniper Networks Junos OS 21.2
- Juniper Networks Junos OS 21.3
- Juniper Networks Junos OS 21.4
- Juniper Networks Junos OS Evolved 21.3-EVO
- Juniper Networks Junos OS Evolved 21.4-EVO
- Juniper Networks Junos OS 22.1
- Juniper Networks Junos OS 22.3
- Juniper Networks Junos OS 22.2
- Juniper Networks Junos OS Evolved 22.1-EVO
- Juniper Networks Junos OS Evolved 22.2-EVO
- Juniper Networks Junos OS 22.4
- Juniper Networks Junos OS 23.2
- Juniper Networks Junos OS Evolved 22.4-EVO
- Juniper Networks Junos OS Evolved 22.3-EVO
- Juniper Networks Junos OS Evolved 23.2-EVO
- Juniper Networks Junos OS 21.2R3-S5
- Juniper Networks Junos OS 21.4R3-S4
- Juniper Networks Junos OS 22.2R3
- Juniper Networks Junos OS 22.3R2
- Juniper Networks Junos OS 22.4R1
- Juniper Networks Junos OS 23.2R1
Remediation
Refer to the Juniper Networks Security Advisory for patch, upgrade, or suggested workaround information.