CVE-2024-39534
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-39534 is a vulnerability affecting the local address verification API in Juniper Networks Junos OS Evolved. It allows unauthenticated network-adjacent attackers to create sessions or send traffic to the device using the network and broadcast addresses of the subnet assigned to an interface. This behavior bypasses certain compensating controls, such as stateless firewall filters, and can potentially lead to security breaches. The affected versions of Junos OS Evolved include all versions before 21.4R3-S8-EVO, 22.2-EVO before 22.2R3-S4-EVO, 22.3-EVO before 22.3R3-S4-EVO, 22.4-EVO before 22.4R3-S3-EVO, 23.2-EVO before 23.2R2-S1-EVO, and 23.4-EVO before 23.4R1-S2-EVO and 23.4R2-EVO. It is recommended that users upgrade to the latest patched versions to mitigate this risk.
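For triage, the affected-version list above can be turned into a check over a device inventory. This is an added example, not code from Juniper or from this page; the version-string shape it parses (including an optional build suffix such as ".5"), the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed releases per train, transcribed from the summary above.
# (major, minor) -> list of (R-number, S-number) releases that carry the fix.
FIXED = {
    (21, 4): [(3, 8)],
    (22, 2): [(3, 4)],
    (22, 3): [(3, 4)],
    (22, 4): [(3, 3)],
    (23, 2): [(2, 1)],
    (23, 4): [(1, 2), (2, 0)],
}
OLDEST_TRAIN = min(FIXED)

# Assumed shape: <major>.<minor>R<release>[-S<service>][.<build>]-EVO
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$", re.I)

def parse(version):
    """Split a Junos OS Evolved version into (train, (release, service))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        # Also rejects non-EVO strings: the summary covers Junos OS Evolved only.
        raise ValueError(f"not a recognised Junos OS Evolved version: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)

def status(version):
    """Return 'affected', 'fixed', or 'unlisted' for one version string."""
    train, level = parse(version)
    if train < OLDEST_TRAIN:
        return "affected"  # "all versions before 21.4R3-S8-EVO"
    if train not in FIXED:
        return "unlisted"  # train not named in the summary: check the vendor advisory
    # Anything at or past the earliest fixed release on the train has the fix.
    return "affected" if level < min(FIXED[train]) else "fixed"

def triage(inventory):
    """Map hostname -> status, leaving out devices already on a fixed release."""
    return {h: s for h, v in inventory.items() if (s := status(v)) != "fixed"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "edge-1": "21.4R3-S7-EVO",
    "edge-2": "22.4R3-S3-EVO",
    "core-1": "23.4R1-S1-EVO",
    "core-2": "23.4R2-EVO",
    "lab-1": "22.1R3-EVO",
}

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host}: {state}")
```

Devices reported as "unlisted" run a train the summary does not mention, so the check declines to classify them rather than guessing.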