CVE-2024-47498
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.
This issue affects Junos OS Evolved on QFX5000 Series:
All versions before 21.4R3-S8-EVO,
22.2-EVO versions before 22.2R3-S5-EVO,
22.4-EVO versions before 22.4R3-EVO,
23.2-EVO versions before 23.2R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved | 0 < 21.4R3-S8-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.2-EVO < 22.2R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.4-EVO < 22.4R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 23.2-EVO < 23.2R2-EVO | affected |
Weaknesses
- CWE 447 Unimplemented or Unsupported Feature in UI
Workarounds
There are no known workarounds for this issue.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.