github - ghsa-3x4w-v43m-f5m7

GHSA-3X4W-V43M-F5M7

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-15 15:30

Details

Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices.

This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled.

The following commands can be used to monitor the DDoS protection queue:

labuser@re0> show evo-pfemand host pkt-stats

labuser@re0> show host-path ddos all-policers

This issue affects Junos OS Evolved:

All versions before 21.4R3-S8-EVO,
from 22.2 before 22.2R3-S4-EVO,
from 22.3 before 22.3R3-S4-EVO,
from 22.4 before 22.4R3-S3-EVO,
from 23.2 before 23.2R2-EVO,
from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,
from 24.2 before 24.2R2-EVO.

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:L/R:A

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-47489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices.\n\nReceipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols.\u00a0This influx of transit protocol packets causes DDoS protection violations,\u00a0resulting in protocol flaps which can affect connectivity to networking devices.\n\nThis issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled.\n\nThe following commands can be used to monitor the DDoS protection queue:\n\n\u00a0 \u00a0 \u00a0 \u00a0labuser@re0\u003e show evo-pfemand host pkt-stats\n\n\u2003\u2003\u00a0 labuser@re0\u003e show host-path ddos all-policers\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S4-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0\n  *  from 22.4 before 22.4R3-S3-EVO,\u00a0\n  *  from 23.2 before 23.2R2-EVO,\u00a0\n  *  from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,\u00a0\n  *  from 24.2 before 24.2R2-EVO.",
  "id": "GHSA-3x4w-v43m-f5m7",
  "modified": "2024-10-15T15:30:49Z",
  "published": "2024-10-11T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47489"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-47489 (GCVE-0-2024-47489)

Vulnerability from cvelistv5 – Published: 2024-10-11 15:22 – Updated: 2024-10-11 18:00

Summary

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue: labuser@re0> show evo-pfemand host pkt-stats labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO, * from 24.2 before 24.2R2-EVO.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:L/R:A

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS Evolved	Affected: 0 , < 21.4R3-S8-EVO (semver) Affected: 22.2 , < 22.2R3-S4-EVO (semver) Affected: 22.3 , < 22.3R3-S4-EVO (semver) Affected: 22.4 , < 22.4R3-S3-EVO (semver) Affected: 23.2 , < 23.2R2-EVO (semver) Affected: 23.4 , < 23.4R1-S1-EVO, 23.4R2-EVO (semver) Affected: 24.2 , < 24.2R2-EVO (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4r3-s8-evo",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2r3-s4-evo",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3r3-s4-evo",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4r3-s3-evo",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2r2-evo",
                "status": "affected",
                "version": "23.2",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r1-s1-evo",
                "status": "affected",
                "version": "23.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r2-evo",
                "status": "affected",
                "version": "23.4",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T17:57:54.121950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T18:00:33.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4-EVO",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S4-EVO",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S3-EVO",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAn Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices.\u003cbr\u003e\u003cbr\u003eReceipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols.\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eThis influx of transit protocol packets causes \u003c/span\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eDDoS protection violations,\u003c/span\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u0026nbsp;resulting in protocol flaps which can affect connectivity to networking devices.\u003cbr\u003e\u003cbr\u003eThis issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThe following commands can be used to monitor the DDoS protection queue:\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u0026nbsp;labuser@re0\u0026gt; show evo-pfemand host pkt-stats\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u2003\u2003\u0026nbsp; labuser@re0\u0026gt; show host-path ddos all-policers\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices.\n\nReceipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols.\u00a0This influx of transit protocol packets causes DDoS protection violations,\u00a0resulting in protocol flaps which can affect connectivity to networking devices.\n\nThis issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled.\n\nThe following commands can be used to monitor the DDoS protection queue:\n\n\u00a0 \u00a0 \u00a0 \u00a0labuser@re0\u003e show evo-pfemand host pkt-stats\n\n\u2003\u2003\u00a0 labuser@re0\u003e show host-path ddos all-policers\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S4-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0\n  *  from 22.4 before 22.4R3-S3-EVO,\u00a0\n  *  from 23.2 before 23.2R2-EVO,\u00a0\n  *  from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,\u00a0\n  *  from 24.2 before 24.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:L/R:A",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T15:22:00.413Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R2-EVO*, 24.4R1-EVO*, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e* Future Release"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO*, 22.4R3-S3-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R2-EVO*, 24.4R1-EVO*, and all subsequent releases.\n\n* Future Release"
        }
      ],
      "source": {
        "advisory": "JSA88111",
        "defect": [
          "1784773"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are no known workarounds for this issue.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-47489",
    "datePublished": "2024-10-11T15:22:00.413Z",
    "dateReserved": "2024-09-25T15:26:52.608Z",
    "dateUpdated": "2024-10-11T18:00:33.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-3X4W-V43M-F5M7

CVE-2024-47489 (GCVE-0-2024-47489)

Tags

Sightings

Nomenclature