Juniper PFE DoS via Improper Channel Restriction in Junos OS Evolved ACX 7000 Series
CVE-2024-47490 Published on October 11, 2024
Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).
When specific transit MPLS packets are received by the PFE, they are punted internally to the Routing Engine (RE) instead of being handled in the forwarding path as transit traffic should be. Continuous receipt of these MPLS packets exhausts RE resources. Because the packets are transit traffic, the device does not need to be the destination of the traffic, and an MPLS configuration is not required for a device to be affected.
This issue affects Junos OS Evolved ACX 7000 Series:
* All versions before 21.4R3-S9-EVO,
* 22.2-EVO before 22.2R3-S4-EVO,
* 22.3-EVO before 22.3R3-S3-EVO,
* 22.4-EVO before 22.4R3-S2-EVO,
* 23.2-EVO before 23.2R2-EVO,
* 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
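As an added example (not part of the Juniper advisory or of this page), the following Python checker encodes the version ranges listed above and parses Junos OS Evolved version strings so that an operator can test an inventory against them. The version-string format it accepts (MAJOR.MINOR[Rn[.build]][-Sn[.build]][-EVO]) and the "Junos:" line it looks for in "show version" output are assumptions, and the sample "show version" output is constructed. Where the advisory lists two fixed releases on one train (23.4R1-S1-EVO and 23.4R2-EVO), the checker treats anything at or above the earliest of them as fixed, which is the usual Juniper convention; trains the advisory does not mention (for example 22.1-EVO or 24.x-EVO) are reported as "not listed" rather than guessed at.

```python
import re
from typing import NamedTuple, Optional, Tuple


class EvoVersion(NamedTuple):
    """Junos OS Evolved version, ordered so tuple comparison follows release order."""
    major: int
    minor: int
    release: int  # the Rn number; 0 for a bare train such as "22.2-EVO"
    service: int  # the -Sn number; 0 when absent
    build: int    # trailing ".n" build number (e.g. 22.4R3-S2.1); 0 when absent


# Assumed format: MAJOR.MINOR[Rn[.build]][-Sn[.build]][-EVO], case-insensitive so that
# the lowercase CPE-style spellings ("21.4r3-s9-evo") parse as well.
_VERSION_RE = re.compile(
    r"""^(?P<major>\d+)\.(?P<minor>\d+)
        (?:R(?P<release>\d+)(?:\.(?P<rbuild>\d+))?)?
        (?:-S(?P<service>\d+)(?:\.(?P<sbuild>\d+))?)?
        (?:-EVO)?$""",
    re.IGNORECASE | re.VERBOSE,
)


def parse_version(text: str) -> EvoVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Junos OS Evolved version string: {text!r}")

    def num(key: str) -> int:
        return int(m.group(key) or 0)

    # A build number belongs to the service release when one is present,
    # otherwise to the R release (22.2R3.15 vs 22.2R3-S4.2).
    build = num("sbuild") if m.group("service") else num("rbuild")
    return EvoVersion(num("major"), num("minor"), num("release"), num("service"), build)


# Fixed releases exactly as listed in the advisory. "All versions before
# 21.4R3-S9-EVO" is the catch-all for the 21.4 train and every older train.
CATCH_ALL_FIX = "21.4R3-S9-EVO"
TRAIN_FIXES = {
    (22, 2): ["22.2R3-S4-EVO"],
    (22, 3): ["22.3R3-S3-EVO"],
    (22, 4): ["22.4R3-S2-EVO"],
    (23, 2): ["23.2R2-EVO"],
    (23, 4): ["23.4R1-S1-EVO", "23.4R2-EVO"],
}


def assess(text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    v = parse_version(text)
    catch_all = parse_version(CATCH_ALL_FIX)
    train = (v.major, v.minor)
    if train <= (catch_all.major, catch_all.minor):
        return "affected" if v < catch_all else "fixed"
    fixes = TRAIN_FIXES.get(train)
    if fixes is None:
        # The advisory says nothing about this train; do not guess either way.
        return "not listed"
    # With several fixes on one train (23.4R1-S1 and 23.4R2) the earliest one is
    # the boundary: later service releases of that R and later Rs carry the fix.
    first_fix = min(parse_version(f) for f in fixes)
    return "affected" if v < first_fix else "fixed"


# Constructed sample; the "Junos:" line is an assumption about "show version" output.
SAMPLE_SHOW_VERSION = """\
Hostname: acx7100-lab
Model: acx7100-48l
Junos: 22.4R3-S1.1-EVO
"""


def assess_show_version(output: str) -> Optional[Tuple[str, str]]:
    """Pull the version out of "show version" text and assess it; None if not found."""
    m = re.search(r"^Junos:\s*(\S+)\s*$", output, re.MULTILINE)
    if not m:
        return None
    version = m.group(1)
    return version, assess(version)


if __name__ == "__main__":
    for candidate in ["21.4R3-S8-EVO", "21.4R3-S9-EVO", "23.4R1-EVO", "23.4R2-EVO", "22.1R1-EVO"]:
        print(f"{candidate:18} {assess(candidate)}")
    print(assess_show_version(SAMPLE_SHOW_VERSION))
```

Feed the real "show version" output of each ACX 7000 into assess_show_version, and treat "not listed" as a prompt to consult the vendor advisory rather than as a clean result.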
Vulnerability Analysis
CVE-2024-47490 is exploitable over the network with low attack complexity, and requires neither privileges nor user interaction. Its impact is on availability only, rated high: there is no impact on confidentiality or integrity. In practice this means any party that can get MPLS packets forwarded through an affected ACX 7000 can degrade it, without the device being configured for MPLS and without any relationship to it beyond being on a transit path.
Weakness Type
Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. Here the channel is the internal punt path between the PFE and the RE: transit MPLS packets that should stay in the forwarding plane are instead delivered to the control plane, whose resources are far more limited than the PFE's.
Products Associated with CVE-2024-47490
Affected Versions
Juniper Networks Junos OS Evolved:
- All versions before 21.4R3-S9-EVO are affected.
- 22.2-EVO versions before 22.2R3-S4-EVO are affected.
- 22.3-EVO versions before 22.3R3-S3-EVO are affected.
- 22.4-EVO versions before 22.4R3-S2-EVO are affected.
- 23.2-EVO versions before 23.2R2-EVO are affected.
- 23.4-EVO versions before 23.4R1-S1-EVO and 23.4R2-EVO are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.