U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-30389

Change History

New CVE Received by NIST 4/12/2024 12:15:38 PM

Action Type Old Value New Value
Added CVSS V3.1

Juniper Networks, Inc. AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Added CWE

Juniper Networks, Inc. CWE-696
Added Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.

When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic.
This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.
This issue does not affect Junos OS releases earlier than 21.4R1.

Added Reference

Juniper Networks, Inc. http://supportportal.juniper.net/JSA79185 [No types assigned]
Added Reference

Juniper Networks, Inc. https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N [No types assigned]