PT-2024-4868 · Juniper Networks · Junos
Published
2024-04-10
·
Updated
2024-05-16
·
CVE-2024-30389
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Junos OS versions 21.4R1 through 21.4R3-S5
Description:
An issue in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface, it doesn't recognize matching packets but permits any traffic.
Recommendations:
For versions 21.4R1 through 21.4R3-S5, update to version 21.4R3-S6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable interface until a patch is available. Avoid using output firewall filters on affected interfaces until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos