An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NJuniper Ex9200
HWJuniperwszystkie wersjeJuniper Ex9204
HWJuniperwszystkie wersjeJuniper Ex9208
HWJuniperwszystkie wersjeJuniper Junos
OSJuniper20.421.121.221.321.422.122.222.322.4< 20.4Juniper Mx10
HWJuniperwszystkie wersjeJuniper Mx10000
HWJuniperwszystkie wersjeJuniper Mx10003
HWJuniperwszystkie wersjeJuniper Mx10004
HWJuniperwszystkie wersjeJuniper Mx10008
HWJuniperwszystkie wersjeJuniper Mx10016
HWJuniperwszystkie wersjeJuniper Mx104
HWJuniperwszystkie wersjeJuniper Mx150
HWJuniperwszystkie wersjeJuniper Mx2008
HWJuniperwszystkie wersjeJuniper Mx2010
HWJuniperwszystkie wersjeJuniper Mx2020
HWJuniperwszystkie wersjeJuniper Mx204
HWJuniperwszystkie wersjeJuniper Mx240
HWJuniperwszystkie wersjeJuniper Mx304
HWJuniperwszystkie wersjeJuniper Mx40
HWJuniperwszystkie wersjeJuniper Mx480
HWJuniperwszystkie wersjeJuniper Mx5
HWJuniperwszystkie wersjeJuniper Mx80
HWJuniperwszystkie wersjeJuniper Mx960
HWJuniperwszystkie wersje
Powiązane podatności
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...
Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...