Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-39531

Improper Handling of Values

Published: Jul 11, 2024 | Modified: Jan 22, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-39531
CWEhttps://cwe.mitre.org/data/definitions/229.html

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS).

If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased. 

This issue affects Junos OS Evolved on ACX 7000 Series:

  • All versions before 21.4R3-S7-EVO,
  • 22.1 versions before 22.1R3-S6-EVO, 
  • 22.2 versions before 22.2R3-S3-EVO,
  • 22.3 versions before 22.3R3-S3-EVO, 
  • 22.4 versions before 22.4R3-S2-EVO,
  • 23.2 versions before 23.2R2-EVO,
  • 23.4

versions

before 23.4R1-S1-EVO, 23.4R2-EVO.

Weakness

The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

Affected Software

NameVendorStart VersionEnd Version
Junos_os_evolvedJuniper*21.4 (excluding)
Junos_os_evolvedJuniper21.4 (including)21.4 (including)
Junos_os_evolvedJuniper21.4-r1 (including)21.4-r1 (including)
Junos_os_evolvedJuniper21.4-r1-s1 (including)21.4-r1-s1 (including)
Junos_os_evolvedJuniper21.4-r1-s2 (including)21.4-r1-s2 (including)
Junos_os_evolvedJuniper21.4-r2 (including)21.4-r2 (including)
Junos_os_evolvedJuniper21.4-r2-s1 (including)21.4-r2-s1 (including)
Junos_os_evolvedJuniper21.4-r2-s2 (including)21.4-r2-s2 (including)
Junos_os_evolvedJuniper21.4-r3 (including)21.4-r3 (including)
Junos_os_evolvedJuniper21.4-r3-s1 (including)21.4-r3-s1 (including)
Junos_os_evolvedJuniper21.4-r3-s2 (including)21.4-r3-s2 (including)
Junos_os_evolvedJuniper21.4-r3-s3 (including)21.4-r3-s3 (including)
Junos_os_evolvedJuniper21.4-r3-s4 (including)21.4-r3-s4 (including)
Junos_os_evolvedJuniper21.4-r3-s5 (including)21.4-r3-s5 (including)
Junos_os_evolvedJuniper21.4-r3-s6 (including)21.4-r3-s6 (including)
Junos_os_evolvedJuniper22.1 (including)22.1 (including)
Junos_os_evolvedJuniper22.1-r1 (including)22.1-r1 (including)
Junos_os_evolvedJuniper22.1-r1-s1 (including)22.1-r1-s1 (including)
Junos_os_evolvedJuniper22.1-r1-s2 (including)22.1-r1-s2 (including)
Junos_os_evolvedJuniper22.1-r2 (including)22.1-r2 (including)
Junos_os_evolvedJuniper22.1-r2-s1 (including)22.1-r2-s1 (including)
Junos_os_evolvedJuniper22.1-r3 (including)22.1-r3 (including)
Junos_os_evolvedJuniper22.1-r3-s1 (including)22.1-r3-s1 (including)
Junos_os_evolvedJuniper22.1-r3-s2 (including)22.1-r3-s2 (including)
Junos_os_evolvedJuniper22.1-r3-s3 (including)22.1-r3-s3 (including)
Junos_os_evolvedJuniper22.1-r3-s4 (including)22.1-r3-s4 (including)
Junos_os_evolvedJuniper22.1-r3-s5 (including)22.1-r3-s5 (including)
Junos_os_evolvedJuniper22.2 (including)22.2 (including)
Junos_os_evolvedJuniper22.2-r1 (including)22.2-r1 (including)
Junos_os_evolvedJuniper22.2-r1-s1 (including)22.2-r1-s1 (including)
Junos_os_evolvedJuniper22.2-r1-s2 (including)22.2-r1-s2 (including)
Junos_os_evolvedJuniper22.2-r2 (including)22.2-r2 (including)
Junos_os_evolvedJuniper22.2-r2-s1 (including)22.2-r2-s1 (including)
Junos_os_evolvedJuniper22.2-r2-s2 (including)22.2-r2-s2 (including)
Junos_os_evolvedJuniper22.2-r3 (including)22.2-r3 (including)
Junos_os_evolvedJuniper22.2-r3-s1 (including)22.2-r3-s1 (including)
Junos_os_evolvedJuniper22.2-r3-s2 (including)22.2-r3-s2 (including)
Junos_os_evolvedJuniper22.3 (including)22.3 (including)
Junos_os_evolvedJuniper22.3-r1 (including)22.3-r1 (including)
Junos_os_evolvedJuniper22.3-r1-s1 (including)22.3-r1-s1 (including)
Junos_os_evolvedJuniper22.3-r1-s2 (including)22.3-r1-s2 (including)
Junos_os_evolvedJuniper22.3-r2 (including)22.3-r2 (including)
Junos_os_evolvedJuniper22.3-r2-s1 (including)22.3-r2-s1 (including)
Junos_os_evolvedJuniper22.3-r2-s2 (including)22.3-r2-s2 (including)
Junos_os_evolvedJuniper22.3-r3 (including)22.3-r3 (including)
Junos_os_evolvedJuniper22.3-r3-s1 (including)22.3-r3-s1 (including)
Junos_os_evolvedJuniper22.3-r3-s2 (including)22.3-r3-s2 (including)
Junos_os_evolvedJuniper22.4 (including)22.4 (including)
Junos_os_evolvedJuniper22.4-r1 (including)22.4-r1 (including)
Junos_os_evolvedJuniper22.4-r1-s1 (including)22.4-r1-s1 (including)
Junos_os_evolvedJuniper22.4-r1-s2 (including)22.4-r1-s2 (including)
Junos_os_evolvedJuniper22.4-r2 (including)22.4-r2 (including)
Junos_os_evolvedJuniper22.4-r2-s1 (including)22.4-r2-s1 (including)
Junos_os_evolvedJuniper22.4-r2-s2 (including)22.4-r2-s2 (including)
Junos_os_evolvedJuniper22.4-r3 (including)22.4-r3 (including)
Junos_os_evolvedJuniper22.4-r3-s1 (including)22.4-r3-s1 (including)
Junos_os_evolvedJuniper23.2 (including)23.2 (including)
Junos_os_evolvedJuniper23.2-r1 (including)23.2-r1 (including)
Junos_os_evolvedJuniper23.2-r1-s1 (including)23.2-r1-s1 (including)
Junos_os_evolvedJuniper23.2-r1-s2 (including)23.2-r1-s2 (including)
Junos_os_evolvedJuniper23.4 (including)23.4 (including)
Junos_os_evolvedJuniper23.4-r1 (including)23.4-r1 (including)
Junos_os_evolvedJuniper23.4-r2 (including)23.4-r2 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use