SB2024101023 - Denial of service in Junos OS Evolved MAC learning and move limits




Published: October 10, 2024

Security Bulletin ID: SB2024101023
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Unimplemented or Unsupported Feature in UI (CVE-ID: CVE-2024-47498)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the MAC learning and moves feature. Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to process legitimate traffic. A remote attacker on the local network can perform a denial of service (DoS) attack.

The vulnerability affects QFX5000 Series routers.


Remediation

Install the update from the vendor's website.