CVE-2024-21607 (GCVE-0-2024-21607)
Vulnerability from cvelistv5 – Published: 2024-01-12 00:55 – Updated: 2025-06-17 21:09
Title
Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected
Summary
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.
If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criterion is not supported in the kernel filter, causing it to accept all packets without taking any other action. As a fix, the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass.
This issue doesn't affect IPv4 firewall filters.
This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:
* All versions earlier than 20.4R3-S7;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.
Severity
5.3 (Medium)
CWE
- CWE-447 - Unimplemented or Unsupported Feature in UI
Impacted products
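| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos OS | Affected: 0, < 20.4R3-S7 (semver) |
| Juniper Networks | Junos OS | Affected: 21.1, < 21.1R3-S5 (semver) |
| Juniper Networks | Junos OS | Affected: 21.2, < 21.2R3-S5 (semver) |
| Juniper Networks | Junos OS | Affected: 21.3, < 21.3R3-S4 (semver) |
| Juniper Networks | Junos OS | Affected: 21.4, < 21.4R3-S4 (semver) |
| Juniper Networks | Junos OS | Affected: 22.1, < 22.1R3-S2 (semver) |
| Juniper Networks | Junos OS | Affected: 22.2, < 22.2R3-S2 (semver) |
| Juniper Networks | Junos OS | Affected: 22.3, < 22.3R2-S2, 22.3R3 (semver) |
| Juniper Networks | Junos OS | Affected: 22.4, < 22.4R1-S2, 22.4R2-S2, 22.4R3 (semver) |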
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75748"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:43:36.508647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:19.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"EX9200 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S2, 22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:\u003c/p\u003e\u003ccode\u003e [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; match payload-protocol ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; then reject tcp-reset ]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "To be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:\n\n [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e match payload-protocol ]\n [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e then reject tcp-reset ]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\u003c/p\u003e\u003cp\u003eIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t affect IPv4 firewall filters.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.1 versions earlier than 21.1R3-S5;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\n\nIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\n\nThis issue doesn\u0027t affect IPv4 firewall filters.\n\nThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\n\n\n\n * All versions earlier than 20.4R3-S7;\n * 21.1 versions earlier than 21.1R3-S5;\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-447",
"description": "CWE-447 Unimplemented or Unsupported Feature in UI",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:55:07.323Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75748"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75748",
"defect": [
"1689224"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series and EX9200 Series: If the \"tcp-reset\" option used in an IPv6 filter, matched packets are accepted instead of rejected",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA workarounds is to replace the payload-protocol match with a next-header match like in the following example:\u003c/p\u003e\u003ccode\u003e [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; match next-header]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e [ firewall family inet6 filter \u0026lt;filter name\u0026gt; term \u0026lt;term name\u0026gt; then reject tcp-reset ]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "A workarounds is to replace the payload-protocol match with a next-header match like in the following example:\n\n [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e match next-header]\n [ firewall family inet6 filter \u003cfilter name\u003e term \u003cterm name\u003e then reject tcp-reset ]\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21607",
"datePublished": "2024-01-12T00:55:07.323Z",
"dateReserved": "2023-12-27T19:38:25.708Z",
"dateUpdated": "2025-06-17T21:09:19.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}