CVE-2024-39538 - Vulnerability Details

CVE-2024-39538 - Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Acx7020 Acx7024 Acx7024x Acx7100 Acx7300 Acx7509 Junos Os Evolved
Juniper Networks	Junos Os Evolved

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::

OR	cpe:2.3:h:juniper:acx7020:-:::::::*
	cpe:2.3:h:juniper:acx7024:-:::::::*
	cpe:2.3:h:juniper:acx7024x:-:::::::*
	cpe:2.3:h:juniper:acx7100:-:::::::*
	cpe:2.3:h:juniper:acx7300:-:::::::*
	cpe:2.3:h:juniper:acx7509:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Juniper Networks	Junos Os Evolved

References

Link	Providers
https://supportportal.juniper.net/JSA82998

History

Thu, 22 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper acx7020 Juniper acx7024 Juniper acx7024x Juniper acx7100 Juniper acx7300 Juniper acx7509 Juniper junos Os Evolved
CPEs		cpe:2.3:h:juniper:acx7020:-:::::::* cpe:2.3:h:juniper:acx7024:-:::::::* cpe:2.3:h:juniper:acx7024x:-:::::::* cpe:2.3:h:juniper:acx7100:-:::::::* cpe:2.3:h:juniper:acx7300:-:::::::* cpe:2.3:h:juniper:acx7509:-:::::::* cpe:2.3:o:juniper:junos_os_evolved:::::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::
Vendors & Products		Juniper Juniper acx7020 Juniper acx7024 Juniper acx7024x Juniper acx7100 Juniper acx7300 Juniper acx7509 Juniper junos Os Evolved

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-11T16:14:51.304Z

Updated: 2024-08-02T04:26:15.171Z

Reserved: 2024-06-25T15:12:53.242Z

Link: CVE-2024-39538

Vulnrichment

Updated: 2024-07-11T18:31:48.945Z

NVD

Status : Analyzed

Published: 2024-07-11T17:15:12.413

Modified: 2026-01-22T18:29:22.077

Link: CVE-2024-39538

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:44:29Z

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object