Vulnerabilities > CVE-2024-21597 - Exposure of Resource to Wrong Sphere vulnerability in Juniper Junos

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

juniper

CWE-668

NVD

Published: 2024-01-12

Updated: 2024-01-19

Summary

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 20.4 Juniper Junos 21.2 Juniper Junos 21.4 Juniper Junos 22.1 Juniper Junos 22.2 Juniper Junos 22.3	55

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References