CVE-2024-39533
Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions
ip-source-address
ip-destination-address
arp-type
which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.
This issue affects Junos OS on QFX5000 Series and EX4600 Series:
* All version before 21.2R3-S7,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-11 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-447: Unimplemented or Unsupported Feature in UI
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA82993 | 2024-08-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | < 21.2R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S7" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 21.4 < 21.4R3-S6 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S6" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.1 < 22.1R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S5" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.2 < 22.2R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.3 < 22.3R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.2 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2" | en |
Affected
| ||||||