Lucene search

[email protected]CVE-2024-21607

HistoryJan 12, 2024 - 1:15 a.m.

CVE-2024-21607

2024-01-1201:15:49

CWE-447

[email protected]

web.nvd.nist.gov

cve-2024-21607

juniper networks

junos os

mx series

ex9200 series

ui vulnerability

network-based attacker

integrity impact

ipv6 filter

kernel filter

firewall filters

security

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.

If the “tcp-reset” option is added to the “reject” action in an IPv6 filter which matches on “payload-protocol”, packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a “next-header” match to avoid this filter bypass.

This issue doesn’t affect IPv4 firewall filters.

This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:

All versions earlier than 20.4R3-S7;
21.1 versions earlier than 21.1R3-S5;
21.2 versions earlier than 21.2R3-S5;
21.3 versions earlier than 21.3R3-S4;
21.4 versions earlier than 21.4R3-S4;
22.1 versions earlier than 22.1R3-S2;
22.2 versions earlier than 22.2R3-S2;
22.3 versions earlier than 22.3R2-S2, 22.3R3;
22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.

Affected configurations

NVD

Node

juniperjunosRange<20.4

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch20.4r3-s4

juniperjunosMatch20.4r3-s5

juniperjunosMatch20.4r3-s6

juniperjunosMatch21.1-

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.1r3-s3

juniperjunosMatch21.1r3-s4

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.2r3-s2

juniperjunosMatch21.2r3-s3

juniperjunosMatch21.2r3-s4

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.3r3

juniperjunosMatch21.3r3-s1

juniperjunosMatch21.3r3-s2

juniperjunosMatch21.3r3-s3

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch21.4r2-s1

juniperjunosMatch21.4r2-s2

juniperjunosMatch21.4r3

juniperjunosMatch21.4r3-s1

juniperjunosMatch21.4r3-s2

juniperjunosMatch21.4r3-s3

juniperjunosMatch22.1-

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.1r1-s2

juniperjunosMatch22.1r2

juniperjunosMatch22.1r2-s1

juniperjunosMatch22.1r2-s2

juniperjunosMatch22.1r3

juniperjunosMatch22.1r3-s1

juniperjunosMatch22.2-

juniperjunosMatch22.2r1

juniperjunosMatch22.2r1-s1

juniperjunosMatch22.2r1-s2

juniperjunosMatch22.2r2

juniperjunosMatch22.2r2-s1

juniperjunosMatch22.2r2-s2

juniperjunosMatch22.2r3

juniperjunosMatch22.2r3-s1

juniperjunosMatch22.3-

juniperjunosMatch22.3r1

juniperjunosMatch22.3r1-s1

juniperjunosMatch22.3r1-s2

juniperjunosMatch22.3r2

juniperjunosMatch22.3r2-s1

juniperjunosMatch22.4-

juniperjunosMatch22.4r1

juniperjunosMatch22.4r1-s1

juniperjunosMatch22.4r2

juniperjunosMatch22.4r2-s1

AND

juniperex9200Match-

juniperex9204Match-

juniperex9208Match-

junipermx10Match-

junipermx10000Match-

junipermx10003Match-

junipermx10004Match-

junipermx10008Match-

junipermx10016Match-

junipermx104Match-

junipermx150Match-

junipermx2008Match-

junipermx2010Match-

junipermx2020Match-

junipermx204Match-

junipermx240Match-

junipermx304Match-

junipermx40Match-

junipermx480Match-

junipermx5Match-

junipermx80Match-

junipermx960Match-

CPENameOperatorVersion
juniper:junosjuniper junoslt20.4
juniper:junosjuniper junoseq21.1
juniper:junosjuniper junoseq21.2
juniper:junosjuniper junoseq21.3
juniper:junosjuniper junoseq21.4
juniper:junosjuniper junoseq22.1
juniper:junosjuniper junoseq22.2
juniper:junosjuniper junoseq22.3
juniper:junosjuniper junoseq22.4

CPE	Name	Operator	Version
juniper:junos	juniper junos	lt	20.4
juniper:junos	juniper junos	eq	21.1
juniper:junos	juniper junos	eq	21.2
juniper:junos	juniper junos	eq	21.3
juniper:junos	juniper junos	eq	21.4
juniper:junos	juniper junos	eq	22.1
juniper:junos	juniper junos	eq	22.2
juniper:junos	juniper junos	eq	22.3
juniper:junos	juniper junos	eq	22.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MX Series",
      "EX9200 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3-S5",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S5",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S4",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S2",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R1-S2, 22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA75748

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2024-21607

prion1 nvd1 cvelist1