PT-2024-7136 · Juniper Networks · Junos Evolved

Published 2024-09-25 · Updated 2026-01-26 · CVE-2024-47502

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions

Junos OS Evolved versions prior to 21.4R3-S9-EVO
Junos OS Evolved versions 22.2 prior to 22.2R3-S4-EVO
Junos OS Evolved versions 22.4 prior to 22.4R3-S3-EVO
Junos OS Evolved versions 23.2 prior to 23.2R2-S1-EVO
Junos OS Evolved versions 23.4 prior to 23.4R2-EVO
Description

The issue is an Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved that allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). The state of terminated TCP sessions is not cleared, so resources are exhausted over time until new connections to the control plane can no longer be established. The condition can be recognised by a continuously increasing number of connections in the output of the "show system connections" command. Only IPv4 TCP sessions established in-band are affected; out-of-band sessions are not.
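The advisory's observable symptom is a connection count that only ever climbs. The following added example (not part of the advisory, and not Juniper code) shows how an operator could poll "show system connections" on a schedule, count the IPv4 TCP rows, and raise an alert on strictly monotonic growth across several samples. The snapshots are constructed, and the netstat-style layout they use (protocol in the first column, TCP state in the last) is an assumption about the command's output; adjust the regular expression to the real format before deploying it.

```python
import re
from typing import List

# Constructed snapshots of "show system connections" taken a few minutes apart.
# Assumption: the output is netstat-like, with the protocol first and the TCP
# state last. Only the tcp4 rows matter for CVE-2024-47502 (IPv4 TCP, in-band).
SNAPSHOTS = [
    """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address         Foreign Address        (state)
tcp4       0      0  192.0.2.1.22          198.51.100.7.51234     ESTABLISHED
tcp4       0      0  192.0.2.1.179         198.51.100.9.40011     ESTABLISHED
tcp4       0      0  *.22                  *.*                    LISTEN
udp4       0      0  *.161                 *.*
""",
    """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address         Foreign Address        (state)
tcp4       0      0  192.0.2.1.22          198.51.100.7.51234     ESTABLISHED
tcp4       0      0  192.0.2.1.179         198.51.100.9.40011     ESTABLISHED
tcp4       0      0  192.0.2.1.22          198.51.100.7.51235     TIME_WAIT
tcp4       0      0  192.0.2.1.22          198.51.100.7.51236     TIME_WAIT
tcp4       0      0  *.22                  *.*                    LISTEN
udp4       0      0  *.161                 *.*
""",
    """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address         Foreign Address        (state)
tcp4       0      0  192.0.2.1.22          198.51.100.7.51234     ESTABLISHED
tcp4       0      0  192.0.2.1.179         198.51.100.9.40011     ESTABLISHED
tcp4       0      0  192.0.2.1.22          198.51.100.7.51235     TIME_WAIT
tcp4       0      0  192.0.2.1.22          198.51.100.7.51236     TIME_WAIT
tcp4       0      0  192.0.2.1.22          198.51.100.7.51237     TIME_WAIT
tcp4       0      0  192.0.2.1.22          198.51.100.7.51238     CLOSE_WAIT
tcp4       0      0  192.0.2.1.22          198.51.100.7.51239     CLOSE_WAIT
tcp4       0      0  *.22                  *.*                    LISTEN
udp4       0      0  *.161                 *.*
""",
]

# One tcp4 row: proto, recv-q, send-q, local, foreign, state (state captured).
_TCP4_ROW = re.compile(r"^tcp4\s+\d+\s+\d+\s+\S+\s+\S+\s+(\S+)\s*$")


def count_tcp4_sessions(snapshot: str) -> int:
    """Count IPv4 TCP rows that are not listening sockets. Leaked state from
    terminated sessions shows up in whatever state the kernel left it in, so
    every non-LISTEN row counts."""
    total = 0
    for line in snapshot.splitlines():
        m = _TCP4_ROW.match(line)
        if m and m.group(1) != "LISTEN":
            total += 1
    return total


def session_counts(snapshots: List[str]) -> List[int]:
    """Per-snapshot session counts, oldest first."""
    return [count_tcp4_sessions(s) for s in snapshots]


def is_monotonic_growth(counts: List[int], min_samples: int = 3,
                        min_total_increase: int = 1) -> bool:
    """True when the count rises strictly at every sample over at least
    min_samples snapshots. A healthy table fluctuates; a count that only
    climbs is the symptom the advisory describes."""
    if len(counts) < min_samples:
        return False
    if any(later <= earlier for earlier, later in zip(counts, counts[1:])):
        return False
    return counts[-1] - counts[0] >= min_total_increase


if __name__ == "__main__":
    counts = session_counts(SNAPSHOTS)
    print("tcp4 sessions per snapshot:", counts)
    if is_monotonic_growth(counts):
        print("ALERT: connection table growing without release; check for CVE-2024-47502")
```

In production the snapshots would come from a scheduled "show system connections" collection rather than embedded strings; the threshold arguments exist so the check can be tuned to a device's normal churn.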
Recommendations

For Junos OS Evolved versions prior to 21.4R3-S9-EVO, update to version 21.4R3-S9-EVO or later.
For Junos OS Evolved versions 22.2 prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later.
For Junos OS Evolved versions 22.4 prior to 22.4R3-S3-EVO, update to version 22.4R3-S3-EVO or later.
For Junos OS Evolved versions 23.2 prior to 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later.
For Junos OS Evolved versions 23.4 prior to 23.4R2-EVO, update to version 23.4R2-EVO or later.
As a temporary workaround, restarting the affected Routing Engine (RE) manually recovers from the issue.
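Checking an inventory against these ranges by hand is error-prone because the release string carries a train (22.2), a release number (R3) and an optional service release (S4). The added example below (not part of the advisory, and not Juniper code) parses Junos OS Evolved release strings into a comparable tuple and returns the fixed release a device must move to, following the ranges exactly as the advisory lists them. Assumptions: release strings follow the shape major.minorR#[-S#]-EVO, a release without an S suffix sorts as service release 0, and trains the advisory does not name (such as 22.1 or 24.x) are reported as not listed rather than as affected. The inventory lines are constructed.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Matches release strings such as "21.4R3-S9-EVO" or "23.4R2-EVO".
# Assumption: every release in this advisory follows this shape.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?-EVO$", re.IGNORECASE)


class EvoVersion(NamedTuple):
    """(major, minor, R release, S service release); tuple order gives the
    comparison. A release with no -S suffix is treated as service release 0."""
    major: int
    minor: int
    release: int
    service: int

    @classmethod
    def parse(cls, text: str) -> "EvoVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised Junos OS Evolved release: {text!r}")
        major, minor, release, service = m.groups()
        return cls(int(major), int(minor), int(release), int(service or 0))

    @property
    def train(self) -> Tuple[int, int]:
        return (self.major, self.minor)


# Fixed releases from the advisory. A train of None encodes the first entry,
# which covers every release before 21.4R3-S9-EVO regardless of train.
FIXED_RELEASES = [
    (None, "21.4R3-S9-EVO"),
    ((22, 2), "22.2R3-S4-EVO"),
    ((22, 4), "22.4R3-S3-EVO"),
    ((23, 2), "23.2R2-S1-EVO"),
    ((23, 4), "23.4R2-EVO"),
]


def required_fix(version: str) -> Optional[str]:
    """Return the fixed release the device must be upgraded to, or None when
    the running release is not within a range the advisory lists."""
    running = EvoVersion.parse(version)
    for train, fixed_text in FIXED_RELEASES:
        if train is not None and running.train != train:
            continue
        if running < EvoVersion.parse(fixed_text):
            return fixed_text
    # Already at or past the fix, or on a train the advisory does not list.
    return None


if __name__ == "__main__":
    # Constructed inventory: hostname and running release.
    inventory = [
        ("core-re0", "21.4R3-S8-EVO"),
        ("edge-1", "22.4R3-S3-EVO"),
        ("edge-2", "23.4R1-S2-EVO"),
        ("lab-1", "24.2R1-EVO"),
    ]
    for host, release in inventory:
        fix = required_fix(release)
        verdict = f"upgrade to {fix}" if fix else "not in a listed affected range"
        print(f"{host}: {release} -> {verdict}")
```

Because the first advisory entry has no lower bound, a 20.x release is also reported as needing 21.4R3-S9-EVO; the function reflects the advisory wording rather than deciding which target release a given platform should actually move to.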

Fix · DoS · Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers
BDU:2024-08466
CVE-2024-47502

Affected Products
Junos Evolved