{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75748"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series",
            "EX9200 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.1R3-S5",
              "status": "affected",
              "version": "21.1",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S5",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S4",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S2",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S2",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2, 22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R1-S2, 22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:\u003c/p\u003e\u003ccode\u003e  [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; match payload-protocol ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; then reject tcp-reset ]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "To be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:\n\n  [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e match payload-protocol ]\n  [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e then reject tcp-reset ]\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\u003c/p\u003e\u003cp\u003eIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t affect IPv4 firewall filters.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.1 versions earlier than 21.1R3-S5;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\n\nIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\n\nThis issue doesn\u0027t affect IPv4 firewall filters.\n\nThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\n\n\n\n  *  All versions earlier than 20.4R3-S7;\n  *  21.1 versions earlier than 21.1R3-S5;\n  *  21.2 versions earlier than 21.2R3-S5;\n  *  21.3 versions earlier than 21.3R3-S4;\n  *  21.4 versions earlier than 21.4R3-S4;\n  *  22.1 versions earlier than 22.1R3-S2;\n  *  22.2 versions earlier than 22.2R3-S2;\n  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;\n  *  22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-447",
              "description": "CWE-447 Unimplemented or Unsupported Feature in UI",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T00:55:07.323Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75748"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75748",
        "defect": [
          "1689224"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series and EX9200 Series: If the \"tcp-reset\" option used in an IPv6 filter, matched packets are accepted instead of rejected",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA workarounds is to replace the payload-protocol match with a next-header match like in the following example:\u003c/p\u003e\u003ccode\u003e  [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; match next-header]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; then reject tcp-reset ]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "A workarounds is to replace the payload-protocol match with a next-header match like in the following example:\n\n  [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e match next-header]\n  [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e then reject tcp-reset ]\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21607",
    "datePublished": "2024-01-12T00:55:07.323Z",
    "dateReserved": "2023-12-27T19:38:25.708Z",
    "dateUpdated": "2024-08-01T22:27:35.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}