CVE-2024-21607Unimplemented or Unsupported Feature in UI in Networks Junos OS

CWE-447Unimplemented or Unsupported Feature in UI4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 88.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 12

Description

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets wi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S11+16
NVDjuniper/junos< 20.4+9

🔴Vulnerability Details

2
GHSA
GHSA-84c9-gp6c-qg45: An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based at2024-01-12
CVEList
Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected2024-01-12

📋Vendor Advisories

1
Juniper
CVE-2024-21607: An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based a2024-01-12
CVE-2024-21607 — Networks Junos OS vulnerability | cvebase