cve-2024-47498
Vulnerability from cvelistv5
Published
2024-10-11 15:30
Modified
2024-10-11 17:38
Summary
Junos OS Evolved: QFX5000 Series: Configured MAC learning and move limits are not in effect
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47498",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T17:37:51.441062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T17:38:01.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "QFX5000 Series"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S5-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A device is exposed to this issue if one or more of the following options are configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ switch-options interface-mac-limit ... ]\u003cbr\u003e[ switch-options interface \u0026lt;interface\u0026gt; interface-mac-limit ... ]\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ vlans \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026lt;vlan\u0026gt; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eswitch-options interface \u0026lt;interface\u0026gt; interface-mac-limit ... ]\u003c/span\u003e\u003cbr\u003e\n\n[ vlans \u0026lt;vlan\u0026gt; switch-options mac-table-size ... ]\u003cbr\u003e[ protocols l2-learning global-mac-limit ... ]\u003cbr\u003e[ vlans \u0026lt;vlan\u0026gt; switch-options\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emac-move-limit\u003c/span\u003e\u0026nbsp;drop/drop-and-log ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e"
            }
          ],
          "value": "A device is exposed to this issue if one or more of the following options are configured:\n\n[ switch-options interface-mac-limit ... ]\n[ switch-options interface \u003cinterface\u003e interface-mac-limit ... ]\n\n\n[ vlans \u003cvlan\u003e switch-options interface \u003cinterface\u003e interface-mac-limit ... ]\n\n\n[ vlans \u003cvlan\u003e switch-options mac-table-size ... ]\n[ protocols l2-learning global-mac-limit ... ]\n[ vlans \u003cvlan\u003e switch-options\u00a0mac-move-limit\u00a0drop/drop-and-log ]"
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eSeveral configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved on QFX5000 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.2-EVO versions before 22.2R3-S5-EVO,\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.4-EVO versions before 22.4R3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e23.2-EVO versions before 23.2R2-EVO.\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nSeveral configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\n  *  22.2-EVO versions before 22.2R3-S5-EVO,\n\n  *  22.4-EVO versions before 22.4R3-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 447 Unimplemented or Unsupported Feature in UI",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T15:30:02.282Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA88128"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S8-EVO, 22.2R3-S5-EVO*, 22.4R3-EVO, 23.2R2-EVO\u003c/span\u003e, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e(* future release)"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S5-EVO*, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n(* future release)"
        }
      ],
      "source": {
        "advisory": "JSA88128",
        "defect": [
          "1705911"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: QFX5000 Series: Configured MAC learning and move limits are not in effect",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-47498",
    "datePublished": "2024-10-11T15:30:02.282Z",
    "dateReserved": "2024-09-25T15:26:52.609Z",
    "dateUpdated": "2024-10-11T17:38:01.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47498\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-10-11T16:15:10.590\",\"lastModified\":\"2024-10-15T12:58:51.050\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\\n\\nSeveral configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.\\n\\n\\n\\nThis issue affects Junos OS Evolved on QFX5000 Series:\\n\\n\\n\\n  *  All versions before 21.4R3-S8-EVO,\\n  *  22.2-EVO versions before 22.2R3-S5-EVO,\\n\\n  *  22.4-EVO versions before 22.4R3-EVO,\\n  *  23.2-EVO versions before 23.2R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de caracter\u00edstica no implementada o no compatible en la interfaz de usuario en la CLI de Juniper Networks Junos OS Evolved en la serie QFX5000 permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Se pueden configurar varias declaraciones de configuraci\u00f3n destinadas a imponer l\u00edmites en el aprendizaje y los movimientos de MAC, pero no surten efecto. Esto puede provocar situaciones de sobrecarga del plano de control que afectar\u00e1n gravemente la capacidad del dispositivo para procesar tr\u00e1fico leg\u00edtimo. Este problema afecta a Junos OS Evolved en la serie QFX5000: * Todas las versiones anteriores a 21.4R3-S8-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S5-EVO, * Versiones 22.4-EVO anteriores a 22.4R3-EVO, * Versiones 23.2-EVO anteriores a 23.2R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA88128\",\"source\":\"sirt@juniper.net\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.