← Back

CVE-2024-30389

nvd nist
Published: Apr 12, 2024Modified: Feb 6, 2025

JSON object

Loading...
6.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: sirt@juniper.net (Secondary)

Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.

Affected (12)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
12 vulnerable · 17 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 21.4 r1-s1
Junos
Version 21.4 r1-s2
Junos
Version 21.4 r1
Junos
Version 21.4 r2-s1
Junos
Version 21.4 r2-s2
Junos
Version 21.4 r2
Junos
Version 21.4 r3-s1
Junos
Version 21.4 r3-s2
Junos
Version 21.4 r3-s3
Junos
Version 21.4 r3-s4
Junos
Version 21.4 r3-s5
Junos
Version 21.4 r3
Running on/withPlatform Versions
Juniper
Ex4300
All versions
Juniper
Ex4300 24p
All versions
Juniper
Ex4300 24p S
All versions
Juniper
Ex4300 24t
All versions
Juniper
Ex4300 24t S
All versions
Juniper
Ex4300 32f
All versions
Juniper
Ex4300 32f Dc
All versions
Juniper
Ex4300 32f S
All versions
Juniper
Ex4300 48mp
All versions
Juniper
Ex4300 48mp S
All versions
Juniper
Ex4300 48p
All versions
Juniper
Ex4300 48p S
All versions
Juniper
Ex4300 48t
All versions
Juniper
Ex4300 48t Afi
All versions
Juniper
Ex4300 48t Dc
All versions
Juniper
Ex4300 48t Dc Afi
All versions
Juniper
Ex4300 48t S
All versions

Related CWEs

CWE-696
Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

References (4)

Source: sirt@juniper.net
Vendor Advisory
Source: sirt@juniper.net
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking

Timeline

No history available yet.