Missing Authentication Issue in Juniper Networks Junos OS on MX and SRX Series Devices
CVE-2024-30391

4.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 12 April 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in Juniper Networks Junos OS, particularly affecting MX Series and SRX Series devices, stems from missing authentication in the Packet Forwarding Engine (PFE). It can be exploited by an unauthenticated, network-based attacker, with no valid credentials required. When an IPsec authentication algorithm such as hmac-sha-384 or hmac-sha-512 is configured, tunnels are established successfully, but no authentication information is sent with the encrypted data on egress and none is expected on ingress. As a result, traffic can be disrupted, especially when communicating with affected peers, which raises serious concerns about device integrity and availability. Users must upgrade to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

Junos OS SRX Series 0 < 20.4R3-S7

Junos OS SRX Series 21.1 < 21.1R3

Junos OS SRX Series 21.2 < 21.2R2-S1, 21.2R3

References

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database