CVE-2024-30389Incorrect Behavior Order in Networks Junos OS

CWE-696Incorrect Behavior Order4 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.2%
top 62.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 12

Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases e

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S6
NVDjuniper/junos21.4

🔴Vulnerability Details

2
GHSA
GHSA-x368-w88j-3c3r: An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticate2024-04-12
CVEList
Junos OS: EX4300 Series: Firewall filter not blocking egress traffic2024-04-12

📋Vendor Advisories

1
Juniper
CVE-2024-30389: An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticate2024-04-12
CVE-2024-30389 — Incorrect Behavior Order | cvebase