Lucene search

[email protected]NVD:CVE-2024-30389

HistoryApr 12, 2024 - 4:15 p.m.

CVE-2024-30389

2024-04-1216:15:38

CWE-696

[email protected]

web.nvd.nist.gov

juniper networks

junos os

packet forwarding engine

ex4300 series

incorrect behavior order

integrity impact

firewall filter

interface

network-based attacker

vulnerability

cve-2024-30389

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.

When an output firewall filter is applied to an interface it doesn’t recognize matching packets but permits any traffic.
This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.
This issue does not affect Junos OS releases earlier than 21.4R1.

References

supportportal.juniper.net/JSA79185

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2024-30389

nessus1 cve1 cvelist1