PT-2024-7847 · Juniper Networks · Junos Evolved

Published 2024-10-09 · Updated 2024-10-15 · CVE-2024-39534

CVSS v3.1: 5.4 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Junos OS Evolved versions prior to 21.4R3-S8-EVO
Junos OS Evolved version 22.2-EVO prior to 22.2R3-S4-EVO
Junos OS Evolved version 22.3-EVO prior to 22.3R3-S4-EVO
Junos OS Evolved version 22.4-EVO prior to 22.4R3-S3-EVO
Junos OS Evolved version 23.2-EVO prior to 23.2R2-S1-EVO
Junos OS Evolved version 23.4-EVO prior to 23.4R1-S2-EVO, 23.4R2-EVO

Description

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.

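An added example, not part of the advisory and not Juniper code: a filter audit that computes the network and broadcast address of each interface subnet and reports the ones no filter destination prefix matches, which is the gap the description refers to. The interface names, prefixes and the simplified model of a filter as a list of destination prefixes are constructed assumptions, and the check is limited to IPv4.

```python
import ipaddress

def subnet_edge_addresses(interface_prefix):
    """Return (network, broadcast) for an IPv4 interface prefix.

    Returns None for /31 and /32, which have no distinct network or
    broadcast address, and for IPv6, which has no broadcast address.
    """
    net = ipaddress.ip_interface(interface_prefix).network
    if net.version != 4 or net.prefixlen >= 31:
        return None
    return net.network_address, net.broadcast_address

def uncovered_edges(interfaces, filter_destinations):
    """Map interface name -> edge addresses not matched by any filter prefix."""
    matched = [ipaddress.ip_network(p) for p in filter_destinations]
    gaps = {}
    for name, prefix in interfaces.items():
        edges = subnet_edge_addresses(prefix)
        if edges is None:
            continue
        missing = [str(a) for a in edges if not any(a in m for m in matched)]
        if missing:
            gaps[name] = missing
    return gaps

# Constructed sample data (documentation address ranges, hypothetical names).
INTERFACES = {
    "et-0/0/0.0": "192.0.2.1/24",     # filter below lists only the host address
    "et-0/0/1.0": "198.51.100.9/30",  # filter below lists the whole subnet
    "et-0/0/2.0": "203.0.113.0/31",   # point-to-point, no edge addresses
    "lo0.0": "10.255.0.1/32",         # host route, no edge addresses
}
# Constructed: destination prefixes a protective filter term matches on.
FILTER_DESTINATIONS = ["192.0.2.1/32", "198.51.100.8/30", "10.255.0.1/32"]

if __name__ == "__main__":
    for ifname, addrs in uncovered_edges(INTERFACES, FILTER_DESTINATIONS).items():
        print(f"{ifname}: filter does not match {', '.join(addrs)}")
```
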
Recommendations

For versions prior to 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later.
For version 22.2-EVO prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later.
For version 22.3-EVO prior to 22.3R3-S4-EVO, update to version 22.3R3-S4-EVO or later.
For version 22.4-EVO prior to 22.4R3-S3-EVO, update to version 22.4R3-S3-EVO or later.
For version 23.2-EVO prior to 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later.
For version 23.4-EVO prior to 23.4R1-S2-EVO, 23.4R2-EVO, update to version 23.4R1-S2-EVO or later.

Fix

Improper Access Control

Incorrect Privilege Assignment

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-09348
CVE-2024-39534

Affected Products

Junos Evolved