CVE-2024-39519

HIGH EPSS 15.7%
Published Jul 11, 20241y ago · Modified Jun 17, 20262w ago
7.1 CVSS 4.0
High
Find Similar
Published Jul 11, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic. This issue affects Junos OS Evolved:  All versions from 22.2R1-EVO and later versions before 22.4R2-EVO, This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
15.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-754

Affected Products 12

VendorProductVersionRange
juniperjunos_os_evolved*≥22.2  –  <22.4
juniperjunos_os_evolved22.4any
juniperjunos_os_evolved22.4any
juniperjunos_os_evolved22.4any
juniperjunos_os_evolved22.4any
juniperacx7024*any
juniperacx7024x*any
juniperacx7100-32c*any
juniperacx7100-48l*any
juniperacx7332*any
juniperacx7348*any
juniperacx7509*any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.