Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos Firewall Bypass Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Junos with the Trio-based PFE modules are affected from a security bybass vulnerability.
Insight
Insight
When configuring a stateless firewall filter on a system with Trio-based PFE modules (e.g. MX Series), any source or destination port matching condition may fail to match intended packets, causing the filter to not execute the actions specified in the 'then' clause. Depending on the intent and design of the interface filter, this match failure may have unexpected impact on the router or follow-on filter clauses. For example, if traffic with a specific destination port was designed to be accepted, a later 'reject all' clause may inadvertently discard wanted traffic. Conversely, if certain destination ports are meant to be dropped, malicious traffic may be consumed by the RE or forwarded on to downstream routers.
Affected Software
Affected Software
Junos OS 13.3 and 14.1
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
Update to Junos OS OS 13.3R3-S3, 13.3R4, 14.1R3, 14.2R1, or any subsequent releases.