1. Home
  2. CVE Database
  3. CVE-2024-30389
MEDIUM · 5.8

CVE-2024-30389

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity im...

Vulnerability Description

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
JuniperJunos21.4
JuniperEx4300-
JuniperEx4300-24P-
JuniperEx4300-24P-S-
JuniperEx4300-24T-
JuniperEx4300-24T-S-
JuniperEx4300-32F-
JuniperEx4300-32F-Dc-
JuniperEx4300-32F-S-
JuniperEx4300-48Mp-
JuniperEx4300-48Mp-S-
JuniperEx4300-48P-
JuniperEx4300-48P-S-
JuniperEx4300-48T-
JuniperEx4300-48T-Afi-
JuniperEx4300-48T-Dc-
JuniperEx4300-48T-Dc-Afi-
JuniperEx4300-48T-S-

Related Weaknesses (CWE)

CWE-696

References

FAQ

What is CVE-2024-30389?

CVE-2024-30389 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity im...

How severe is CVE-2024-30389?

CVE-2024-30389 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-30389?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4300, Juniper Ex4300-24P, Juniper Ex4300-24P-S, Juniper Ex4300-24T.