]"}],"datePublic":"2024-04-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.
When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic.
This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.
This issue does not affect Junos OS releases earlier than 21.4R1.
"}],"value":"An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.\n\nWhen an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic.\nThis issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.\nThis issue does not affect Junos OS releases earlier than 21.4R1."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.8,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-696","description":"CWE-696 Incorrect Behavior Order","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-05-16T20:20:24.333Z"},"references":[{"tags":["vendor-advisory"],"url":"http://supportportal.juniper.net/JSA79185"},{"tags":["technical-description"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software release has been updated to resolve this specific issue: 21.4R3-S6, and all subsequent releases of this branch."}],"value":"The following software release has been updated to resolve this specific issue: 21.4R3-S6, and all subsequent releases of this branch."}],"source":{"advisory":"JSA79185","defect":["1770410"],"discovery":"USER"},"title":"Junos OS: EX4300 Series: Firewall filter not blocking egress traffic","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"While there is no known workarounds for this issue, it is possible to recover by deactivating and then activating the filter. But please note that the issue might reoccur after a reboot or pfe restart.
"}],"value":"While there is no known workarounds for this issue, it is possible to recover by deactivating and then activating the filter. But please note that the issue might reoccur after a reboot or pfe restart."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"juniper","product":"junos","cpes":["cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"21.4","status":"affected","lessThan":"21.4r3-s6","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-01T18:21:26.443379Z","id":"CVE-2024-30389","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-01T18:21:30.321Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T01:32:07.280Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"http://supportportal.juniper.net/JSA79185"},{"tags":["technical-description","x_transferred"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"}]}]}}