#VU98350 Unimplemented or Unsupported Feature in UI in Junos OS Evolved - CVE-2024-47498

Cybersecurity Help s.r.o.

Published: 2024-10-10

Vulnerability identifier: #VU98350

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47498

CWE-ID: CWE-447

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Junos OS Evolved
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the MAC learning and moves feature. Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic. A remote attacker on the local network can perform a denial of service (DoS) attack.

The vulnerability affects QFX5000 Series routers.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Junos OS Evolved: 21.4R1-EVO - 21.4R3-S7-EVO, 22.2-EVO - 22.2R3-S4-EVO, 22.4R1-EVO - 22.4R2-S2-EVO, 23.2R1-EVO - 23.2R1-S2-EVO

External links
https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Junos OS Evolved MAC learning and move limits