CVE-2024-30389 MEDIUM

CVE-2024-30389: Junos OS: EX4300 Series: Firewall filter not blocking egress traffic

Vendor Juniper Networks
Product Junos OS
Weakness CWE-696
Published April 12, 2024
Last update August 2, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.

Key dates

02Disclosure timeline

April 12, 2024 CVE published
August 2, 2024 Record updated