GHSA-5QPV-687P-M54H

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31
VLAI?
Details

An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions

ip-source-address ip-destination-address arp-type

which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.

This issue affects Junos OS on QFX5000 Series and EX4600 Series:

  • All version before 21.2R3-S7, 
  • 21.4 versions before 21.4R3-S6,
  • 22.1 versions before 22.1R3-S5,
  • 22.2 versions before 22.2R3-S3,
  • 22.3 versions before 22.3R3-S2, 
  • 22.4 versions before 22.4R3,
  • 23.2 versions before 23.2R2.

Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.

Severity ?
5.8 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-39533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-447"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions\n\nip-source-address\nip-destination-address\narp-type\n\nwhich are not supported for this type of filter, are used in an ethernet switching filter,\u00a0and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.\n\n\n\n\nThis issue affects Junos OS on QFX5000 Series and EX4600 Series:\n\n  *  All version before 21.2R3-S7,\u00a0\n  *  21.4 versions before 21.4R3-S6,\n  *  22.1 versions before 22.1R3-S5,\n  *  22.2 versions before 22.2R3-S3,\n  *  22.3 versions before 22.3R3-S2,\u00a0\n  *  22.4 versions before 22.4R3,\n  *  23.2 versions before 23.2R2.\n\n\n\nPlease note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.",
  "id": "GHSA-5qpv-687p-m54h",
  "modified": "2024-07-11T18:31:13Z",
  "published": "2024-07-11T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39533"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA82993"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.