Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105940
Kategorie:JunOS Local Security Checks
Titel:Junos Firewall Bypass Vulnerability
Zusammenfassung:Junos with the Trio-based PFE modules are affected from a;security bybass vulnerability.
Beschreibung:Summary:
Junos with the Trio-based PFE modules are affected from a
security bybass vulnerability.

Vulnerability Insight:
When configuring a stateless firewall filter on a system
with Trio-based PFE modules (e.g. MX Series), any source or destination port matching condition
may fail to match intended packets, causing the filter to not execute the actions specified in
the 'then' clause. Depending on the intent and design of the interface filter, this match failure
may have unexpected impact on the router or follow-on filter clauses. For example, if traffic with
a specific destination port was designed to be accepted, a later 'reject all' clause may inadvertently
discard wanted traffic. Conversely, if certain destination ports are meant to be dropped, malicious
traffic may be consumed by the RE or forwarded on to downstream routers.

Vulnerability Impact:
An attacker can bybass certain security restrictions and
perform unauthorized actions which may lead to further attacks.

Affected Software/OS:
Junos OS 13.3 and 14.1

Solution:
Update to Junos OS OS 13.3R3-S3, 13.3R4, 14.1R3, 14.2R1, or
any subsequent releases.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: BugTraq ID: 72071
Common Vulnerability Exposure (CVE) ID: CVE-2014-6383
http://www.securityfocus.com/bid/72071
http://www.securitytracker.com/id/1031549
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.