CVE-2024-39537

{"id": "CVE-2024-39537", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-11T17:15:11.843", "references": [{"url": "https://supportportal.juniper.net/JSA82997", "source": "sirt@juniper.net"}, {"url": "https://supportportal.juniper.net/JSA82997", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\n\nDue to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports.\n\n\n\n\nThis issue affects\u00a0Junos OS Evolved on ACX 7000 Series:\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.2-EVO \n\nversions \n\nbefore 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-S3-EVO,\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n * 23.2-EVO versions before 23.2R2-EVO,\n * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoints previstos en Juniper Networks Junos OS evolucionado en la serie ACX 7000 permite que un atacante no autenticado basado en la red cause una divulgaci\u00f3n de informaci\u00f3n limitada y un impacto en la disponibilidad del dispositivo. Debido a una inicializaci\u00f3n incorrecta, a trav\u00e9s de puertos abiertos se puede acceder a trav\u00e9s de la red a procesos espec\u00edficos que s\u00f3lo deber\u00edan poder comunicarse internamente dentro del dispositivo. Este problema afecta a Junos OS Evolved en la serie ACX 7000: * Todas las versiones anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3-S3-EVO, * 22.4 -Versiones EVO anteriores a 22.4R3-S2-EVO, *versiones 23.2-EVO anteriores a 23.2R2-EVO, *versiones 23.4-EVO anteriores a 23.4R1-S1-EVO, 23.4R2-EVO."}], "lastModified": "2024-11-21T09:27:57.533", "sourceIdentifier": "sirt@juniper.net"}