// For flags

CVE-2024-30391

Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed

Severity Score

6.3
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.

If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.
This issue affects Junos OS:



* All versions before 20.4R3-S7,
* 21.1 versions before 21.1R3, 
* 21.2 versions before 21.2R2-S1, 21.2R3, 
* 21.3 versions before 21.3R1-S2, 21.3R2.

Una vulnerabilidad de autenticación faltante para función crítica en el motor de reenvío de paquetes (pfe) de Juniper Networks Junos OS en la serie MX con SPC3 y la serie SRX permite que un atacante basado en red no autenticado cause un impacto limitado en la integridad o disponibilidad del dispositivo. Si un dispositivo está configurado con el algoritmo de autenticación IPsec hmac-sha-384 o hmac-sha-512, los túneles se establecen normalmente, pero para el tráfico que atraviesa el túnel no se envía información de autenticación con los datos cifrados en la salida y no se espera información de autenticación en ingreso. Entonces, si el par es un dispositivo no afectado, el tráfico de tránsito fallará en ambas direcciones. Si el par es un dispositivo también afectado, el tráfico de tránsito funciona, pero sin autenticación, y los comandos operativos de configuración y CLI indican que se realiza la autenticación. Este problema afecta a Junos OS: todas las versiones anteriores a 20.4R3-S7, versiones 21.1 anteriores a 21.1R3, versiones 21.2 anteriores a 21.2R2-S1, 21.2R3, versiones 21.3 anteriores a 21.3R1-S2, 21.3R2.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
Low
None
Availability
Low
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-26 CVE Reserved
  • 2024-04-12 CVE Published
  • 2024-04-13 EPSS Updated
  • 2024-08-09 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
< 20.4R3-S7
Search vendor "Juniper Networks" for product "Junos OS" and version " < 20.4R3-S7"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
>= 21.1 < 21.1R3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.1 < 21.1R3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
>= 21.2 < 21.2R2-S1
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.2 < 21.2R2-S1"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
>= 21.2 < 21.2R3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.2 < 21.2R3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
>= 21.3 < 21.3R1-S2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.3 < 21.3R1-S2"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
>= 21.3 < 21.3R2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.3 < 21.3R2"
en
Affected