Vulnerabilities in Juniper Networks Products (AL04/240711/CSIRT-ITA)

Summary

New security vulnerabilities, including 11 with a severity of “high,” have been discovered that affect Juniper Networks routers, firewalls, and routing platforms running Junos OS and Junos OS Evolved.

Risk

Vulnerability community impact estimate: HIGH/ORANGE (65.12/100)¹.

Type

Denial of Service
Privilege Escalation
Remote Code Execution

Affected products and versions

Junos OS Evolved
Junos OS

Mitigation Actions

In line with vendor statements, it is recommended to apply the available mitigations following the indications reported in the security bulletins in the References section.

Unique Vulnerability Identifiers

The following are the CVEs related to the vulnerabilities with a severity of “high”:

References

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565?language=en_US

https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549?language=en_US

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Home

Some companies that have chosen us

Professional qualifications

Vulnerabilities in Juniper Networks Products (AL04/240711/CSIRT-ITA)

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

CISCO Product Updates (AL01/230112/CSIRT-ITA)

Android Security Updates (AL02/250304/CSIRT-ITA)

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

Search in 365TRUST

CYBER ALERT

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

CISCO Product Updates (AL01/230112/CSIRT-ITA)

Android Security Updates (AL02/250304/CSIRT-ITA)

Our services

Home

Some companies that have chosen us

Professional qualifications

Stay up-to-date with world news!

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

CISCO Product Updates (AL01/230112/CSIRT-ITA)

Android Security Updates (AL02/250304/CSIRT-ITA)

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

Search in 365TRUST

CYBER ALERT

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

CISCO Product Updates (AL01/230112/CSIRT-ITA)

Android Security Updates (AL02/250304/CSIRT-ITA)

Our services