Main Vulnerability Database Vulnerabilities #VU98350

#VU98350 Unimplemented or Unsupported Feature in UI in Junos OS Evolved - CVE-2024-47498

Published: October 10, 2024

Vulnerability identifier: #VU98350

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-47498

CWE-ID: CWE-447

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Junos OS Evolved

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the MAC learning and moves feature. Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic. A remote attacker on the local network can perform a denial of service (DoS) attack.

The vulnerability affects QFX5000 Series routers.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498

#VU98350 Unimplemented or Unsupported Feature in UI in Junos OS Evolved - CVE-2024-47498

Description

Remediation

External links

Please verify you're human