CVE-2024-30391

CVE-2024-30391 is a medium-severity vulnerability in Juniper Junos with a CVSS 3.x base score of 4.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-306.

Key facts

Description

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3,  * 21.2 versions before 21.2R2-S1, 21.2R3,  * 21.3 versions before 21.3R1-S2, 21.3R2.

Frequently asked questions

What is CVE-2024-30391?
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3,  * 21.2 versions before 21.2R2-S1, 21.2R3,  * 21.3 versions before 21.3R1-S2, 21.3R2.
How severe is CVE-2024-30391?
CVE-2024-30391 has a CVSS 3.x base score of 4.8, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability low.
Is CVE-2024-30391 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-30391?
CVE-2024-30391 primarily affects Juniper Junos. In total, 28 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2024-30391?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-30391 have an EU (EUVD) identifier?
Yes. CVE-2024-30391 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-28312.
When was CVE-2024-30391 published?
CVE-2024-30391 was published on 2024-04-12 and last updated on 2026-06-17.

References

Affected products (28)

More vulnerabilities in Juniper Junos

All CVEs affecting Juniper Junos →

Other CWE-306 (Missing Authentication for Critical Function) vulnerabilities

Browse all CWE-306 (Missing Authentication for Critical Function) vulnerabilities →