CVE-2024-47489 — MEDIUM (5.8)

Q: How severe is CVE-2024-47489?

CVE-2024-47489 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47489?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Acx5448, Juniper Acx5448-D, Juniper Acx5448-M, Juniper Acx7020.

Vulnerability Description

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue: labuser@re0> show evo-pfemand host pkt-stats labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO, * from 24.2 before 24.2R2-EVO.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Juniper	Junos Os Evolved	< 21.4
Juniper	Acx5448	-
Juniper	Acx5448-D	-
Juniper	Acx5448-M	-
Juniper	Acx7020	-
Juniper	Acx7024	-
Juniper	Acx7024X	-
Juniper	Acx710	-
Juniper	Acx7100	-
Juniper	Acx7300	-
Juniper	Acx7509	-

Related Weaknesses (CWE)

CWE-755

References

https://supportportal.juniper.net/Permissions Required

FAQ

What is CVE-2024-47489?

CVE-2024-47489 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network bas...

How severe is CVE-2024-47489?

CVE-2024-47489 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47489?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Acx5448, Juniper Acx5448-D, Juniper Acx5448-M, Juniper Acx7020.