CVE-2024-47490 — Improper Restriction of Communication Channel to Intended Endpoints in Networks Junos OS Evolved

CWE-923 — Improper Restriction of Communication Channel to Intended Endpoints4 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.2%

top 55.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 11

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Contin…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved22.2-EVO — 22.2R3-S4-EVO+5

▶NVDjuniper/junos_os_evolved< 21.4+6

🔴Vulnerability Details

CVEList

Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted↗2024-10-11

▶

GHSA

GHSA-r892-94gp-v735: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos O↗2024-10-11

▶

📋Vendor Advisories

Juniper

CVE-2024-47490: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos O↗2024-10-11

▶