CVE-2024-39537 - Vulnerability Details

CVE-2024-39537 - Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Juniper	Acx7020 Acx7024 Acx7024x Acx7100 Acx7300 Acx7509 Junos Os Evolved

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::

OR	cpe:2.3:h:juniper:acx7020:-:::::::*
	cpe:2.3:h:juniper:acx7024:-:::::::*
	cpe:2.3:h:juniper:acx7024x:-:::::::*
	cpe:2.3:h:juniper:acx7100:-:::::::*
	cpe:2.3:h:juniper:acx7300:-:::::::*
	cpe:2.3:h:juniper:acx7509:-:::::::*

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA82997

History

Thu, 22 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper acx7020 Juniper acx7024 Juniper acx7024x Juniper acx7100 Juniper acx7300 Juniper acx7509
CPEs		cpe:2.3:h:juniper:acx7020:-:::::::* cpe:2.3:h:juniper:acx7024:-:::::::* cpe:2.3:h:juniper:acx7024x:-:::::::* cpe:2.3:h:juniper:acx7100:-:::::::* cpe:2.3:h:juniper:acx7300:-:::::::* cpe:2.3:h:juniper:acx7509:-:::::::* cpe:2.3:o:juniper:junos_os_evolved:21.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::
Vendors & Products		Juniper acx7020 Juniper acx7024 Juniper acx7024x Juniper acx7100 Juniper acx7300 Juniper acx7509

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-11T16:14:13.477Z

Updated: 2024-08-02T04:26:15.676Z

Reserved: 2024-06-25T15:12:53.241Z

Link: CVE-2024-39537

Vulnrichment

Updated: 2024-07-11T18:56:59.079Z

NVD

Status : Analyzed

Published: 2024-07-11T17:15:11.843

Modified: 2026-01-22T18:29:03.000

Link: CVE-2024-39537

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object