PT-2024-7145 · Juniper Networks · Junos Evolved

Published

2024-09-25

·

Updated

2024-10-15

·

CVE-2024-47498

CVSS v4.0

7.1

High

VectorAV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions Junos OS Evolved on QFX5000 Series versions prior to 21.4R3-S8-EVO Junos OS Evolved on QFX5000 Series 22.2-EVO versions prior to 22.2R3-S5-EVO Junos OS Evolved on QFX5000 Series 22.4-EVO versions prior to 22.4R3-EVO Junos OS Evolved on QFX5000 Series 23.2-EVO versions prior to 23.2R2-EVO
Description The issue affects the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series, allowing an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect, leading to control plane overload situations that severely impact the device's ability to process legitimate traffic.
Recommendations For Junos OS Evolved on QFX5000 Series versions prior to 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later. For Junos OS Evolved on QFX5000 Series 22.2-EVO versions prior to 22.2R3-S5-EVO, update to version 22.2R3-S5-EVO or later. For Junos OS Evolved on QFX5000 Series 22.4-EVO versions prior to 22.4R3-EVO, update to version 22.4R3-EVO or later. For Junos OS Evolved on QFX5000 Series 23.2-EVO versions prior to 23.2R2-EVO, update to version 23.2R2-EVO or later.

Fix

Improper Resource Release

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2024-08477
CVE-2024-47498

Affected Products

Junos Evolved