CVE-2024-30391 — Missing Authentication for Critical Function in Networks Junos OS

CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.1%

top 69.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 12

Description

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the e…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.1 — 21.1R3+3

▶NVDjuniper/junos< 20.4+4

🔴Vulnerability Details

CVEList

Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed↗2024-04-12

▶

GHSA

GHSA-vpfm-675m-rfm8: A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-30391: A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3↗2024-04-12

▶