{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47490", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-09-25T15:26:52.608Z", "datePublished": "2024-10-11T15:22:39.517Z", "dateUpdated": "2024-10-11T17:57:25.544Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["ACX 7000 Series"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S4-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R3-S3-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-S2-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}, {"lessThan": "23.2R2-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}, {"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver"}]}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE<span style=\"background-color: rgb(255, 255, 255);\">)&nbsp;</span>of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).</p><p>When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.&nbsp;<span style=\"background-color: var(--wht);\"><br></span></p><p>This issue affects Junos OS Evolved ACX 7000 Series:&nbsp;</p><p></p><ul><li>All versions before 21.4R3-S9-EVO,</li><li>22.2-EVO before 22.2R3-S4-EVO,&nbsp;</li><li>22.3-EVO before 22.3R3-S3-EVO,&nbsp;</li><li>22.4-EVO before 22.4R3-S2-EVO,&nbsp;</li><li>23.2-EVO before 23.2R2-EVO,&nbsp;</li><li>23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.</li></ul>"}], "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE)\u00a0of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.\u00a0\n\n\nThis issue affects Junos OS Evolved ACX 7000 Series:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S2-EVO,\u00a0\n * 23.2-EVO before 23.2R2-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-923", "description": "CWE-923 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:22:39.517Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA83009"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: <br><br>Junos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA88115", "defect": ["1786574"], "discovery": "USER"}, "title": "Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos_evolved", "cpes": ["cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "21.4r3-s9-evo", "versionType": "semver"}, {"version": "22.2", "status": "affected", "lessThan": "22.2r3-s4-evo", "versionType": "semver"}, {"version": "22.3", "status": "affected", "lessThan": "22.3r3-s3-evo", "versionType": "semver"}, {"version": "22.4", "status": "affected", "lessThan": "22.4r3-s2-evo", "versionType": "semver"}, {"version": "23.2", "status": "affected", "lessThan": "23.2r2-evo", "versionType": "semver"}, {"version": "23.4", "status": "affected", "lessThan": "23.4r1-s1-evo", "versionType": "semver"}, {"version": "23.4", "status": "affected", "lessThan": "23.4r2-evo", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T17:54:42.838501Z", "id": "CVE-2024-47490", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:57:25.544Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47490", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T17:54:42.838501Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4r3-s9-evo", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2r3-s4-evo", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3r3-s3-evo", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4r3-s2-evo", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2r2-evo", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4r1-s1-evo", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4r2-evo", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:57:11.147Z"}}], "cna": {"title": "Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted", "source": {"defect": ["1786574"], "advisory": "JSA88115", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S9-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-S3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-S2-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R2-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4-EVO", "lessThan": "23.4R1-S1-EVO, 23.4R2-EVO", "versionType": "semver"}], "platforms": ["ACX 7000 Series"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: <br><br>Junos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA83009", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE)\u00a0of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.\u00a0\n\n\nThis issue affects Junos OS Evolved ACX 7000 Series:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S2-EVO,\u00a0\n * 23.2-EVO before 23.2R2-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "<p>An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE<span style=\"background-color: rgb(255, 255, 255);\">)&nbsp;</span>of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).</p><p>When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.&nbsp;<span style=\"background-color: var(--wht);\"><br></span></p><p>This issue affects Junos OS Evolved ACX 7000 Series:&nbsp;</p><p></p><ul><li>All versions before 21.4R3-S9-EVO,</li><li>22.2-EVO before 22.2R3-S4-EVO,&nbsp;</li><li>22.3-EVO before 22.3R3-S3-EVO,&nbsp;</li><li>22.4-EVO before 22.4R3-S2-EVO,&nbsp;</li><li>23.2-EVO before 23.2R2-EVO,&nbsp;</li><li>23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-923", "description": "CWE-923 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:22:39.517Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47490", "state": "PUBLISHED", "dateUpdated": "2024-10-11T17:57:25.544Z", "dateReserved": "2024-09-25T15:26:52.608Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-10-11T15:22:39.517Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE)\u00a0of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.\u00a0\n\n\nThis issue affects Junos OS Evolved ACX 7000 Series:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\n * 22.2-EVO before 22.2R3-S4-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S2-EVO,\u00a0\n * 23.2-EVO before 23.2R2-EVO,\u00a0\n * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoints previstos en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS Evolved en la serie ACX 7000 permite que un atacante no autenticado basado en la red provoque un mayor consumo de recursos, lo que en \u00faltima instancia da como resultado una denegaci\u00f3n de servicio (DoS). Cuando el PFE recibe paquetes MPLS de tr\u00e1nsito espec\u00edficos, estos paquetes se reenv\u00edan internamente al motor de enrutamiento (RE), en lugar de manejarse adecuadamente. La recepci\u00f3n continua de estos paquetes MPLS hace que se agoten los recursos. No es necesario que la configuraci\u00f3n MPLS se vea afectada por este problema. Este problema afecta a Junos OS Evolved ACX 7000 Series: * Todas las versiones anteriores a 21.4R3-S9-EVO, * 22.2-EVO anterior a 22.2R3-S4-EVO, * 22.3-EVO anterior a 22.3R3-S3-EVO, * 22.4-EVO anterior a 22.4R3-S2-EVO, * 23.2-EVO anterior a 23.2R2-EVO, * 23.4-EVO anterior a 23.4R1-S1-EVO, 23.4R2-EVO."}], "id": "CVE-2024-47490", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-10-11T16:15:08.803", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA83009"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-923"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}