CVE-2024-30391

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S7 Junos OS versions 21.1 prior to 21.1R3 Junos OS versions 21.2 prior to 21.2R2-S1, 21.2R3 Junos OS versions 21.3 prior to 21.3R1-S2, 21.3R2

Description: A Missing Authentication for Critical Function issue in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress.

Recommendations: For Junos OS versions prior to 20.4R3-S7, update to version 20.4R3-S7 or later. For Junos OS versions 21.1 prior to 21.1R3, update to version 21.1R3 or later. For Junos OS versions 21.2 prior to 21.2R2-S1, 21.2R3, update to version 21.2R2-S1 or 21.2R3 or later. For Junos OS versions 21.3 prior to 21.3R1-S2, 21.3R2, update to version 21.3R1-S2 or 21.3R2 or later.