THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-30389

Junos OS: EX4300 Series: Firewall filter not blocking egress traffic

Assignerjuniper
Reserved2024-03-26
Published2024-04-12
Updated2024-07-01

Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.



MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Problem types

CWE-696 Incorrect Behavior Order

Product status

Default status
unaffected

21.4 before 21.4R3-S6
affected

21.4 before 21.4R1
unaffected

References

http://supportportal.juniper.net/JSA79185 vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N technical-description

cve.org CVE-2024-30389

nvd.nist.gov CVE-2024-30389

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-30389
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +