CVE-2024-47490

EPSS 0.4%
Published 11.10.2024 16:15:08
Last modified 15.10.2024 12:58:51
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).

When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. 


This issue affects Junos OS Evolved ACX 7000 Series: 



  *  All versions before 21.4R3-S9-EVO,
  *  22.2-EVO before 22.2R3-S4-EVO, 
  *  22.3-EVO before 22.3R3-S3-EVO, 
  *  22.4-EVO before 22.4R3-S2-EVO, 
  *  23.2-EVO before 23.2R2-EVO, 
  *  23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorjuniper

≫

Product junos_evolved

Default Statusunaffected

Version < 21.4r3-s9-evo

Version 0

Status affected

Version < 22.2r3-s4-evo

Version 22.2

Status affected

Version < 22.3r3-s3-evo

Version 22.3

Status affected

Version < 22.4r3-s2-evo

Version 22.4

Status affected

Version < 23.2r2-evo

Version 23.2

Status affected

Version < 23.4r1-s1-evo

Version 23.4

Status affected

Version < 23.4r2-evo

Version 23.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.6

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	7.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

https://supportportal.juniper.net/JSA83009

https://nvd.nist.gov/vuln/detail/CVE-2024-47490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47490

EUVD