vulnerability

Juniper Junos OS: 2024-01 Security Bulletin: Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters (JSA75738) (CVE-2024-21597)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 10, 2024	Jan 11, 2024	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 10, 2024

Added

Jan 11, 2024

Modified

Aug 11, 2025

Description

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.

In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.

This issue affects Juniper Networks Junos OS on MX Series:

* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S3;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3;
* 22.3 versions earlier than 22.3R2.

Solution

juniper-junos-os-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today