When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions before 14.1X53-D130, 14.1X53-D49; 15.1 versions before 15.1F6-S12, 15.1R7-S4; 15.1X49 versions before 15.1X49-D161, 15.1X49-D170; 15.1X53 versions before 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions before 16.1R7-S4, 16.1R7-S5; 16.2 versions before 16.2R2-S9; 17.1 versions before 17.1R3; 17.2 versions before 17.2R1-S8, 17.2R3-S1; 17.3 versions before 17.3R3-S4; 17.4 versions before 17.4R1-S7, 17.4R2-S3; 18.1 versions before 18.1R2-S4, 18.1R3-S4; 18.2 versions before 18.2R1-S5, 18.2R2-S1; 18.2X75 versions before 18.2X75-D40; 18.3 versions before 18.3R1-S3; 18.4 versions before 18.4R1-S1, 18.4R1-S2.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos 15.1f6-s4 |
||
juniper junos 15.1f6-s5 |
||
juniper junos 15.1f6-s6 |
||
juniper junos 15.1f6-s7 |
||
juniper junos 15.1 |
||
juniper junos 15.1f6-s2 |
||
juniper junos 15.1f6-s9 |
||
juniper junos 15.1f6-s11 |
||
juniper junos 15.1f6-s1 |
||
juniper junos 15.1f6-s8 |
||
juniper junos 15.1f6-s10 |
||
juniper junos 15.1x49 |
||
juniper junos 15.1x53 |
||
juniper junos 16.1 |
||
juniper junos 17.3 |
||
juniper junos 17.2 |
||
juniper junos 17.4 |
||
juniper junos 18.1 |
||
juniper junos 18.2 |
||
juniper junos 18.3 |
||
juniper junos 18.2x75 |
||
juniper junos |
||
juniper junos 14.1x53 |
||
juniper junos 18.4 |
Vulmon