- 203/2024
- High
Juniper has released security updates to fix several vulnerabilities across multiple versions of Junos OS and Junos OS Evolved.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary commands and gain access to the affected product by sending specially crafted requests.
Sample of the addressed vulnerabilities:
1. Juniper Networks Junos OS Command Execution (CVE-2024-39565):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Juniper Networks Junos OS Evolved Privilege Escalation (CVE-2024-39520):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
3. Juniper Networks Junos OS Evolved Information Disclosure (CVE-2024-39537):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.