Denial of service in Junos OS Evolved MAC learning and move limits

1) Unimplemented or Unsupported Feature in UI

EUVDB-ID: #VU98350

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47498

CWE-ID: CWE-447 - Unimplemented or Unsupported Feature in UI

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the MAC learning and moves feature. Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic. A remote attacker on the local network can perform a denial of service (DoS) attack.

The vulnerability affects QFX5000 Series routers.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Junos OS Evolved: 21.4R1-EVO - 23.2R1-S2-EVO

CPE2.3

• cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S7-EVO:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.2R3-S4-EVO:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R2-S2-EVO:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-S2-EVO:*:*:*:*:*:*:*

External links

http://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.