Analysis Summary

CVE-2024-39553 CVSS:8.2

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by an exposure of resource to wrong sphere flaw in the sampling service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39555 CVSS:7.5

Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by improper handling of exceptional conditions in the Routing Protocol Daemon (RPD). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39529 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by the use of externally-controlled format string flaw in the Packet Forwarding Engine (PFE) By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39531 CVSS:7.5

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by improper handling of values in the Packet Forwarding Engine (PFE). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39562 CVSS:7.5

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a memory leak flaw in the xinetd process,. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39522 CVSS:7.8

Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.

CVE-2024-39521 CVSS:7.8

Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.

CVE-2024-39551 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the H.323 ALG (Application Layer Gateway). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39523 CVSS:7.8

Juniper Networks Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.

Impact

• Denial of Service
• Gain Access
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-39553
• CVE-2024-39555
• CVE-2024-39529
• CVE-2024-39531
• CVE-2024-39562
• CVE-2024-39522
• CVE-2024-39521
• CVE-2024-39551
• CVE-2024-39523

Affected Vendors

Remediation

Refer to Juniper Networks Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-39553

CVE-2024-39555

CVE-2024-39529

CVE-2024-39531

CVE-2024-39562

CVE-2024-39522

CVE-2024-39521

CVE-2024-39551

CVE-2024-39523