- 284/2024
- High
Juniper has released security updates to fix multiple vulnerabilities affecting several products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and take full control of the affected products.
Sample of the addressed vulnerabilities:
1- Junos OS Evolved: ACX 7000 Series: Improper Restriction of Communication Channel to Intended Endpoints Vulnerability (CVE-2024-47490):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Services
2- Junos Space: Remote Command Execution (RCE) Vulnerability in Web Application (CVE-2024-39563):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.