PT-2024-1131 · Juniper Networks · Junos
Published 2024-01-10 · Updated 2024-01-19 · CVE-2024-21597
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS on MX Series versions earlier than 20.4R3-S9
Juniper Networks Junos OS on MX Series 21.2 versions earlier than 21.2R3-S3
Juniper Networks Junos OS on MX Series 21.4 versions earlier than 21.4R3-S5
Juniper Networks Junos OS on MX Series 22.1 versions earlier than 22.1R3
Juniper Networks Junos OS on MX Series 22.2 versions earlier than 22.2R3
Juniper Networks Junos OS on MX Series 22.3 versions earlier than 22.3R2
Description
The issue is related to an Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series. This vulnerability allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario, if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.
Recommendations
For versions earlier than 20.4R3-S9, update to version 20.4R3-S9 or later.
For version 21.2, update to version 21.2R3-S3 or later.
For version 21.4, update to version 21.4R3-S5 or later.
For version 22.1, update to version 22.1R3 or later.
For version 22.2, update to version 22.2R3 or later.
For version 22.3, update to version 22.3R2 or later.
Fix
Exposure of Resource to Wrong Sphere
Weakness Enumeration
Related Identifiers
Affected Products
Junos