{"vulnerability": "CVE-2024-3951", "sightings": [{"uuid": "9bdee3c8-3b00-457b-aa7e-3b8318bf7282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799443721205801", "content": "", "creation_timestamp": "2025-01-09T16:55:09.923020Z"}, {"uuid": "522aef5d-8a07-4098-97e5-e1407092a16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21600\n\ud83d\udd39 Description: An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). 
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n      either of two ways:\n\n    \n    \n        *  systems with BGP traceoptions enabled\n\n        *  systems with BGP family traffic-engineering (BGP-LS)\n          configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9,\u00a0\n  *  from 22.2 before 22.2R3-S5,\u00a0\n  *  from 22.3 before 22.3R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S5,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S3,\u00a0\n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0\n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0\n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516.\n\ud83d\udccf Published: 2025-01-09T16:49:42.367Z\n\ud83d\udccf Modified: 2025-01-09T16:49:42.367Z\n\ud83d\udd17 References:\n1. 
https://supportportal.juniper.net/JSA92870", "creation_timestamp": "2025-01-09T17:19:54.000000Z"}, {"uuid": "44b991fc-4e32-415b-b9a5-c4ef4c2e7e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39517", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3847", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39517\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO.\n\ud83d\udccf Published: 2024-07-11T00:32:50Z\n\ud83d\udccf Modified: 2025-02-07T21:30:56Z\n\ud83d\udd17 References:\n1. 
https://nvd.nist.gov/vuln/detail/CVE-2024-39517\n2. https://supportportal.juniper.net/JSA79175", "creation_timestamp": "2025-02-07T22:03:11.000000Z"}, {"uuid": "3857a87e-7442-4735-8a75-6c505597da6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/cvedetector/14874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21600 - \"Juniper Networks Junos OS and Junos OS Evolved BGP Daemon OOB Read DoS\"\", \n  \"Content\": \"CVE ID : CVE-2025-21600 \nPublished : Jan. 9, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : An Out-of-Bounds Read vulnerability in  \n  \nthe routing protocol daemon (rpd) of   \n  \n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \n  \n  \nThis issue only affects systems configured in  \n      either of two ways:  \n  \n      \n      \n        *  systems with BGP traceoptions enabled  \n  \n        *  systems with BGP family traffic-engineering (BGP-LS)  \n          configured  \n  \n  \n and can be exploited from a directly connected and configured BGP peer.\u00a0  \n  \nThis issue affects iBGP and eBGP   \n  \nwith   \n  \nany address family  \n  \n configured, and both IPv4 and IPv6 are affected by this vulnerability.  
\n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9,\u00a0  \n  *  from 22.2 before 22.2R3-S5,\u00a0  \n  *  from 22.3 before 22.3R3-S4,\u00a0  \n  *  from 22.4 before 22.4R3-S5,\u00a0  \n  *  from 23.2 before 23.2R2-S3,\u00a0  \n  *  from 23.4 before 23.4R2-S3,\u00a0  \n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9-EVO,\u00a0  \n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0  \n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0  \n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0  \n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0  \n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0  \n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.  \n  \n  \n  \nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T19:26:27.000000Z"}, {"uuid": "3950b844-03ab-4ad6-bc20-dedd5c6a0ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/cvedetector/7532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39516 - Juniper Networks Junos OS and Junos OS Evolved BGP Routing Protocol Daemon OOB Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39516 \nPublished : Oct. 9, 2024, 8:15 p.m. 
| 44\u00a0minutes ago \nDescription : An Out-of-Bounds Read vulnerability in  \n  \nthe routing protocol daemon (rpd) of   \n  \n Juniper Networks Junos OS and Junos OS Evolved\u00a0allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \nThis issue\u00a0requires a BGP session to be already established.\u00a0\u00a0Only systems with segment routing enabled are vulnerable to this issue.  \n  \n  \n  \nThis issue affects iBGP and eBGP with   \n  \nany address family  \n  \n configured.  \n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S8,  \n  *  22.2 before 22.2R3-S5,\u00a0  \n  *  22.3 before 22.3R3-S4,\u00a0  \n  *  22.4 before 22.4R3-S3,\u00a0  \n  *  23.2 before 23.2R2-S2,\u00a0  \n  *  23.4 before 23.4R2;\u00a0  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S8-EVO,\u00a0  \n  *  22.2-EVO before 22.2R3-S5-EVO,\u00a0  \n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0  \n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0  \n  *  23.2-EVO before 23.2R2-S2-EVO,\u00a0  \n  *  23.4-EVO before 23.4R2-EVO. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:20.000000Z"}, {"uuid": "7b220417-eeb8-41ee-9edb-d427e78ee384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39515", "type": "seen", "source": "https://t.me/cvedetector/7531", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39515 - Juniper Networks Junos OS Denial of Service (DoS) vulnerability in BGP Routing Protocol Daemon (rpd)\", \n  \"Content\": \"CVE ID : CVE-2024-39515 \nPublished : Oct. 9, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \nIn some cases, rpd fails to restart requiring a manual restart via the 'restart routing' CLI command.  \n  \nThis issue only affects systems with BGP traceoptions enabled and   \n  \nrequires a BGP session to be already established.  Systems without BGP traceoptions enabled are not affected by this issue.  \n  \nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.  
\n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  *  All versions before 21.4R3-S8,\u00a0  \n  *  22.2 before 22.2R3-S5,\u00a0  \n  *  22.3 before 22.3R3-S4,\u00a0  \n  *  22.4 before 22.4R3-S3,\u00a0  \n  *  23.2 before 23.2R2-S2,\u00a0  \n  *  23.4 before 23.4R2;\u00a0  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  *  All versions before 21.4R3-S8-EVO,\u00a0  \n  *  22.2-EVO before 22.2R3-S5-EVO,\u00a0  \n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0  \n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0  \n  *  23.2-EVO before 23.2R2-S2-EVO,\u00a0  \n  *  23.4-EVO before 23.4R2-EVO. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:17.000000Z"}, {"uuid": "2ce96871-10e2-4e4c-a8e5-d6f197978ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39511", "type": "seen", "source": "https://t.me/cvedetector/617", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39511 - An Improper Input Validation vulnerability in the\", \n  \"Content\": \"CVE ID : CVE-2024-39511 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).  \n  \nOn running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.  \n  \nWhen the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized.  The client cannot re-authenticate until the dot1x daemon restarts.  
\n  \nThis issue affects Junos OS:  \n  *  All versions before 20.4R3-S10;  \n  *  21.2 versions before 21.2R3-S7;  \n  *  21.4 versions before 21.4R3-S6;  \n  *  22.1 versions before 22.1R3-S5;  \n  *  22.2 versions before 22.2R3-S3;  \n  *  22.3 versions before 22.3R3-S2;  \n  *  22.4 versions before 22.4R3-S1;  \n  *  23.2 versions before 23.2R2. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:39.000000Z"}, {"uuid": "a4916b31-c17d-4077-8f74-6d88eee3c911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39519", "type": "seen", "source": "https://t.me/cvedetector/672", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39519 - An Improper Check for Unusual or Exceptional Condi\", \n  \"Content\": \"CVE ID : CVE-2024-39519 \nPublished : July 11, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a   \n  \nDenial-of-Service (DoS).  \n  \nOn all ACX 7000 Series platforms running   \n  \nJunos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.  \n  \n  \nThis issue affects Junos OS Evolved:\u00a0  \n  \nAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,  \n  \nThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T19:09:41.000000Z"}, {"uuid": "4e191208-b5ba-4186-a82a-41d59cf460ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39514", "type": "seen", "source": "https://t.me/cvedetector/618", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39514 - An Improper Check or Handling of Exceptional Condi\", \n  \"Content\": \"CVE ID : CVE-2024-39514 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).  \n  \nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.  \n  \nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.  
\n  \nThis issue affects Junos OS:   \n  *  All versions before 20.4R3-S10,\u00a0  \n  *  from 21.4 before 21.4R3-S6,\u00a0  \n  *  from 22.1 before 22.1R3-S5,\u00a0  \n  *  from 22.2 before 22.2R3-S3,\u00a0  \n  *  from 22.3 before 22.3R3-S2,\u00a0  \n  *  from 22.4 before 22.4R3,\u00a0  \n  *  from 23.2 before 23.2R2;  \n  \n  \nJunos OS Evolved:   \n  *  All versions before 20.4R3-S10-EVO,\u00a0  \n  *  from 21.4-EVO before 21.4R3-S6-EVO,\u00a0  \n  *  from 22.1-EVO before 22.1R3-S5-EVO,\u00a0  \n  *  from 22.2-EVO before 22.2R3-S3-EVO,\u00a0  \n  *  from 22.3-EVO before 22.3R3-S2-EVO,\u00a0  \n  *  from 22.4-EVO before 22.4R3-EVO,\u00a0  \n  *  from 23.2-EVO before 23.2R2-EVO. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:40.000000Z"}, {"uuid": "92d0edbe-7bbb-4de0-a5e5-02cc7a932039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39513", "type": "seen", "source": "https://t.me/cvedetector/616", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39513 - An Improper Input Validation vulnerability in the\", \n  \"Content\": \"CVE ID : CVE-2024-39513 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).  \n  \nWhen a specific \"clear\" command is run, the\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.  \n  \nThe crash\u00a0impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.  
\nThis issue affects Junos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 20.4R3-S9-EVO,\u00a0  \n  *  from 21.2-EVO before 21.2R3-S7-EVO,\u00a0  \n  *  from 21.3-EVO before 21.3R3-S5-EVO,\u00a0  \n  *  from 21.4-EVO before 21.4R3-S6-EVO,\u00a0  \n  *  from 22.1-EVO before 22.1R3-S4-EVO,\u00a0  \n  *  from 22.2-EVO before 22.2R3-S3-EVO,\u00a0  \n  *  from 22.3-EVO before 22.3R3-S3-EVO,\u00a0  \n  *  from 22.4-EVO before 22.4R3-EVO,  \n  *  from 23.2-EVO before 23.2R2-EVO. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:38.000000Z"}, {"uuid": "ea5bd0d4-6996-4168-bb7f-224b880d648f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39512", "type": "seen", "source": "https://t.me/cvedetector/615", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39512 - An Improper Physical Access Control vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39512 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.  \n  \nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.  \n  \nThis issue affects Junos OS Evolved:   \n  *  from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0  \n  *  from 23.4R1-EVO before 23.4R2-EVO. 
\nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:38.000000Z"}, {"uuid": "5ffe1e78-d98d-481e-b433-334b51764b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39518", "type": "seen", "source": "https://t.me/cvedetector/613", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39518 - A Heap-based Buffer Overflow vulnerability in the\", \n  \"Content\": \"CVE ID : CVE-2024-39518 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).  \n  \nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0  \n  \nThis issue is only seen when telemetry subscription is active.  
\n  \nThe Heap memory utilization can be monitored using the following command:  \n\u00a0 > show system processes extensive  \n  \nThe following command can be used to monitor the memory utilization of the specific sensor  \n\u00a0 > show system info | match sensord  \n   PID   NAME                 MEMORY     PEAK MEMORY    %CPU   THREAD-COUNT CORE-AFFINITY   UPTIME  \n  \n   1986  sensord            877.57MB   877.57MB         2       4           0,2-15          7-21:41:32  \n  \n  \nThis issue affects Junos OS:\u00a0  \n  \n  \n  \n  *  from 21.2R3-S5 before 21.2R3-S7,\u00a0  \n  *  from 21.4R3-S4 before 21.4R3-S6,\u00a0  \n  *  from 22.2R3 before 22.2R3-S4,\u00a0  \n  *  from 22.3R2 before 22.3R3-S2,\u00a0  \n  *  from 22.4R1 before 22.4R3,\u00a0  \n  *  from 23.2R1 before 23.2R2. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:33.000000Z"}, {"uuid": "351bae3a-a279-4033-bfcf-4e1f39755aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39517", "type": "seen", "source": "https://t.me/cvedetector/611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39517 - An Improper Check for Unusual or Exceptional Condi\", \n  \"Content\": \"CVE ID : CVE-2024-39517 \nPublished : July 10, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).  
\n  \nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.  \n  \nThis issue affects both IPv4 and IPv6 implementations.  \nThis issue affects  \nJunos OS:  \nAll versions earlier than\u00a021.4R3-S7;  \n22.1\u00a0versions earlier than 22.1R3-S5;  \n22.2 versions earlier than\u00a022.2R3-S3;  \n22.3 versions earlier than\u00a022.3R3-S3;  \n22.4 versions earlier than\u00a022.4R3-S2;  \n23.2 versions earlier than\u00a023.2R2;  \n23.4 versions earlier than\u00a023.4R1-S1.  \n  \nJunos OS Evolved:  \nAll versions earlier than\u00a021.4R3-S7-EVO;  \n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;  \n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;  \n22.3-EVO versions earlier than 22.3R3-S3-EVO;  \n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;  \n23.2-EVO versions earlier than\u00a023.2R2-EVO;  \n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T01:35:31.000000Z"}, {"uuid": "683930e2-0382-445e-8df7-281816284e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "Telegram/xMevvoDSNNsJlXZspG5SlPD3UI0rjKdwu57I9ZMvXptyVxcj", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"}]}