PT-2024-5573 · Juniper Networks · Junos Evolved

Published: 2024-07-10 · Updated: 2026-01-22 · CVE-2024-39537

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS Evolved versions prior to 21.4R3-S7-EVO
Juniper Networks Junos OS Evolved version 22.2-EVO
Juniper Networks Junos OS Evolved versions 22.2-EVO through 22.2R3-S4-EVO
Juniper Networks Junos OS Evolved versions 22.3-EVO through 22.3R3-S3-EVO
Juniper Networks Junos OS Evolved versions 22.4-EVO through 22.4R3-S2-EVO
Juniper Networks Junos OS Evolved versions 23.2-EVO through 23.2R2-EVO
Juniper Networks Junos OS Evolved versions 23.4-EVO through 23.4R1-S1-EVO
Juniper Networks Junos OS Evolved version 23.4R2-EVO

Description

The issue is related to an improper restriction of the communication channel to intended endpoints in Juniper Networks Junos OS Evolved. This could allow an unauthenticated, network-based attacker to cause limited information disclosure and availability impact to the device. Due to incorrect initialization, specific processes that should only communicate internally within the device can be reached over the network via open ports.

Recommendations

For Juniper Networks Junos OS Evolved versions prior to 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later.
For Juniper Networks Junos OS Evolved version 22.2-EVO, update to version 22.2R3-S4-EVO or later.
For Juniper Networks Junos OS Evolved versions 22.3-EVO through 22.3R3-S3-EVO, update to version 22.3R3-S3-EVO or later.
For Juniper Networks Junos OS Evolved versions 22.4-EVO through 22.4R3-S2-EVO, update to version 22.4R3-S2-EVO or later.
For Juniper Networks Junos OS Evolved versions 23.2-EVO through 23.2R2-EVO, update to version 23.2R2-EVO or later.
For Juniper Networks Junos OS Evolved versions 23.4-EVO through 23.4R1-S1-EVO, update to version 23.4R1-S1-EVO or later.
For Juniper Networks Junos OS Evolved version 23.4R2-EVO, update to a later version.

Related Identifiers

BDU:2024-06252
CVE-2024-39537

Affected Products

Junos Evolved