Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentJuniperVULNRICHMENT:CVE-2024-30391
HistoryApr 12, 2024 - 3:25 p.m.

CVE-2024-30391 Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed

2024-04-1215:25:24
CWE-306
juniper
github.com
2
juniper networks
critical function vulnerability
packet forwarding engine

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

7.3

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, andย SRX Seriesย allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.

If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.
This issue affects Junos OS:

  • All versions before 20.4R3-S7,
  • 21.1 versions before 21.1R3,
  • 21.2 versions before 21.2R2-S1, 21.2R3,
  • 21.3 versions before 21.3R1-S2, 21.3R2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series",
      "MX Series with SPC3"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R2-S1, 21.2R3",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R1-S2, 21.3R2",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
cve 1
nvd
nvd
CVE-2024-30391
2024-04-12 16:15:38
cvelist
cvelist
CVE-2024-30391 Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed
2024-04-12 15:25:24
cve
cve
CVE-2024-30391
2024-04-12 16:15:38

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

7.3

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-30391
nvd1cvelist1cve1