QID 44161

Juniper Junos is the network operating system used in Juniper Networks hardware systems.

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.
If the tcp-reset option is added to the reject action in an IPv6 filter which matches on payload-protocol, packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action.

Note:
This issue doesn't affect IPv4 firewall filters..
To be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset.

This issue affects Juniper Networks Junos OS EX9200 Series, MX Series.
All versions earlier than 20.4R3-S7
21.1 versions earlier than 21.1R3-S5
21.2 versions earlier than 21.2R3-S5
21.3 versions earlier than 21.3R3-S4
21.4 versions earlier than 21.4R3-S4
22.1 versions earlier than 22.1R3-S2
22.2 versions earlier than 22.2R3-S2
22.3 versions earlier than 22.3R2-S2, 22.3R3
22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3

QID detection logic: (Authenticated)

It checks for vulnerable Junos OS version.

Successful exploitation of this vulnerability allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.