CVE-2024-39533

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S7 Junos OS versions 21.4 prior to 21.4R3-S6 Junos OS versions 22.1 prior to 22.1R3-S5 Junos OS versions 22.2 prior to 22.2R3-S3 Junos OS versions 22.3 prior to 22.3R3-S2 Junos OS versions 22.4 prior to 22.4R3 Junos OS versions 23.2 prior to 23.2R2

Description The issue is related to an unimplemented or unsupported feature in the UI of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series, allowing an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks. This occurs when certain match conditions, such as ip-source-address, ip-destination-address, or arp-type, are used in an ethernet switching filter and then applied as an output filter. The configuration can be committed, but the filter will not be in effect.

Recommendations For Junos OS versions prior to 21.2R3-S7, update to version 21.2R3-S7 or later. For Junos OS versions 21.4 prior to 21.4R3-S6, update to version 21.4R3-S6 or later. For Junos OS versions 22.1 prior to 22.1R3-S5, update to version 22.1R3-S5 or later. For Junos OS versions 22.2 prior to 22.2R3-S3, update to version 22.2R3-S3 or later. For Junos OS versions 22.3 prior to 22.3R3-S2, update to version 22.3R3-S2 or later. For Junos OS versions 22.4 prior to 22.4R3, update to version 22.4R3 or later. For Junos OS versions 23.2 prior to 23.2R2, update to version 23.2R2 or later.