PT-2024-2940 · Juniper Networks · Junos
Published: 2024-04-10 · Updated: 2025-02-06 · CVE-2024-30410
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions prior to 20.4R3-S10
Juniper Networks Junos OS versions from 21.2 before 21.2R3-S7
Juniper Networks Junos OS versions from 21.4 before 21.4R3-S6
Description
The issue is an incorrect behavior order in the routing engine of Juniper Networks Junos OS on EX4300 Series: traffic intended for the device reaches the routing engine instead of being discarded when the discard term is set in the loopback interface. This issue affects only IPv6 firewall filters. The intended behavior is that the loopback firewall filter takes precedence over the revenue interface firewall filter.
Recommendations
For versions prior to 20.4R3-S10, update to version 20.4R3-S10 or later.
For versions from 21.2 before 21.2R3-S7, update to version 21.2R3-S7 or later.
For versions from 21.4 before 21.4R3-S6, update to version 21.4R3-S6 or later.
As a temporary workaround, consider restricting access to the loopback interface to minimize the risk of exploitation.
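The version ranges above can be checked across an inventory with a release-string comparison. This is an added example, not code from Juniper or from this advisory page. It assumes release strings of the form `<major>.<minor>R<n>[-S<n>][.<spin>]`, ignores the trailing spin number, uses constructed hostnames and versions, and does not check the hardware model (the advisory applies to EX4300 Series only).

```python
import re

# Fixed release per train, taken from the advisory text above.
FIXED = {(20, 4): "20.4R3-S10", (21, 2): "21.2R3-S7", (21, 4): "21.4R3-S6"}
OLDEST_LISTED_TRAIN = (20, 4)

# Assumed format: 21.2R3-S7 or 21.4R3-S5.4 (the final ".4" spin is ignored).
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_release(text):
    """'21.2R3-S7' -> (21, 2, 3, 7). A release without -S gets service level 0."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def is_affected(text):
    """True or False for trains the advisory lists, None for trains it does not."""
    version = parse_release(text)
    train = version[:2]
    if train < OLDEST_LISTED_TRAIN:
        return True  # "versions prior to 20.4R3-S10"
    fixed = FIXED.get(train)
    if fixed is None:
        return None  # train not named on this page; check the vendor advisory
    # Tuple comparison is numeric, so S9 < S10 (a string comparison gets this wrong).
    return version < parse_release(fixed)


def audit(inventory):
    """Map each hostname to 'affected', 'fixed' or 'not listed'."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    return {host: labels[is_affected(ver)] for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample = [
        ("ex4300-a", "20.4R3-S9"),
        ("ex4300-b", "21.2R3-S7"),
        ("ex4300-c", "21.4R3-S5.4"),
        ("ex4300-d", "22.2R1"),
    ]
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```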
Affected Products
Junos