An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series:
* 23.4 version 23.4R2-S6,
* 24.2 version 24.2R2-S3.
No other Junos OS versions are affected.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v4.0
Vulnerable Products 28
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Juniper Junos
cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*
|
— | — |
|
Juniper Junos
cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Ex2300
cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex2300-C
cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex3400
cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4000
cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4100
cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4100-F
cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4100-H
cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4300
cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4400
cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4600
cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex4650
cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex9204
cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex9208
cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ex9214
cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx10008
cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx10016
cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5110
cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5120
cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5130
cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5200
cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5210
cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5220
cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5230-64cd
cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5240
cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5241
cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Qfx5700
cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*
|
— | — |