Test ID:	1.3.6.1.4.1.25623.1.0.105940
Category:	JunOS Local Security Checks
Title:	Juniper Networks Junos OS Firewall Bypass Vulnerability
Summary:	Junos with the Trio-based PFE modules are affected from a;security bybass vulnerability.
Description:	Summary: Junos with the Trio-based PFE modules are affected from a security bybass vulnerability. Vulnerability Insight: When configuring a stateless firewall filter on a system with Trio-based PFE modules (e.g. MX Series), any source or destination port matching condition may fail to match intended packets, causing the filter to not execute the actions specified in the 'then' clause. Depending on the intent and design of the interface filter, this match failure may have unexpected impact on the router or follow-on filter clauses. For example, if traffic with a specific destination port was designed to be accepted, a later 'reject all' clause may inadvertently discard wanted traffic. Conversely, if certain destination ports are meant to be dropped, malicious traffic may be consumed by the RE or forwarded on to downstream routers. Vulnerability Impact: An attacker can bybass certain security restrictions and perform unauthorized actions which may lead to further attacks. Affected Software/OS: Junos OS 13.3 and 14.1 Solution: Update to Junos OS 13.3R3-S3, 13.3R4, 14.1R3, 14.2R1, or any subsequent releases. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6383 BugTraq ID: 72071 http://www.securityfocus.com/bid/72071 http://www.securitytracker.com/id/1031549
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.