Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Firewall terms might not be evaluated sequentially (JSA10313)

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/01/2003
Created: 07/25/2018
Added: 05/07/2014
Modified: 05/07/2014

Description

When a firewall filter term includes the from address match condition and a subsequent term includes the from source-address match condition for the same address, packets might be processed by the latter term before they are evaluated by any intervening terms. Therefore, packets that should be rejected by the intervening terms may be accepted, or packets that should be accepted may be rejected.

Solution(s)

  • juniper-junos-os-upgrade-latest
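
A configuration check for the term pattern in the Description, as an added example (not Rapid7's or Juniper's code). It assumes the filter is exported in Junos "set" format with terms listed in evaluation order; the function name, filter names, term names and addresses are constructed for illustration.

```python
import re

# Constructed sample in Junos "set" format (assumption: lines appear in term order).
SAMPLE_CONFIG = """\
set firewall family inet filter EDGE-IN term mgmt from address 192.0.2.10/32
set firewall family inet filter EDGE-IN term mgmt then accept
set firewall family inet filter EDGE-IN term no-telnet from protocol tcp
set firewall family inet filter EDGE-IN term no-telnet from destination-port telnet
set firewall family inet filter EDGE-IN term no-telnet then reject
set firewall family inet filter EDGE-IN term trusted-src from source-address 192.0.2.10/32
set firewall family inet filter EDGE-IN term trusted-src then accept
set firewall family inet filter CLEAN term a from address 198.51.100.0/24
set firewall family inet filter CLEAN term b from source-address 203.0.113.0/24
"""

# Captures filter name, term name and, when present, an address/source-address match.
TERM_RE = re.compile(
    r"^set firewall (?:family \S+ )?filter (\S+) term (\S+)"
    r"(?: from (address|source-address) (\S+))?"
)

def find_affected_term_pairs(config_text):
    """Return (filter, first_term, later_term, address, intervening_terms) tuples
    where an earlier term matches 'from address X', a later term matches
    'from source-address X', and at least one term sits between them."""
    filters = {}  # filter -> {term: {"address": set, "source-address": set}}, in order
    for line in config_text.splitlines():
        m = TERM_RE.match(line.strip())
        if not m:
            continue
        fname, term, kind, addr = m.groups()
        conds = filters.setdefault(fname, {}).setdefault(
            term, {"address": set(), "source-address": set()})
        if kind:
            conds[kind].add(addr)
    findings = []
    for fname, terms in filters.items():
        names = list(terms)  # dict keeps first-seen order, i.e. term order
        for i, first in enumerate(names):
            for j in range(i + 2, len(names)):  # i + 2: skip adjacent terms
                shared = terms[first]["address"] & terms[names[j]]["source-address"]
                for addr in sorted(shared):  # exact string match on the prefix
                    findings.append((fname, first, names[j], addr, names[i + 1:j]))
    return findings

if __name__ == "__main__":
    for finding in find_affected_term_pairs(SAMPLE_CONFIG):
        print(finding)
```

Each finding names the intervening terms whose accept or reject decisions should be reviewed on devices that have not yet been upgraded.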
