{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-47498","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2024-09-25T15:26:52.609Z","datePublished":"2024-10-11T15:30:02.282Z","dateUpdated":"2024-10-11T17:38:01.248Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["QFX5000 Series"],"product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"21.4R3-S8-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"22.2R3-S5-EVO","status":"affected","version":"22.2-EVO","versionType":"semver"},{"lessThan":"22.4R3-EVO","status":"affected","version":"22.4-EVO","versionType":"semver"},{"lessThan":"23.2R2-EVO","status":"affected","version":"23.2-EVO","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A device is exposed to this issue if one or more of the following options are configured:<br><br><tt>[ switch-options interface-mac-limit ... ]<br>[ switch-options interface &lt;interface&gt; interface-mac-limit ... ]<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">[ vlans </span><span style=\"background-color: rgb(255, 255, 255);\">&lt;vlan&gt; </span><span style=\"background-color: rgb(255, 255, 255);\">switch-options interface &lt;interface&gt; interface-mac-limit ... ]</span><br>\n\n[ vlans &lt;vlan&gt; switch-options mac-table-size ... ]<br>[ protocols l2-learning global-mac-limit ... ]<br>[ vlans &lt;vlan&gt; switch-options&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">mac-move-limit</span>&nbsp;drop/drop-and-log ]<br><br></tt>"}],"value":"A device is exposed to this issue if one or more of the following options are configured:\n\n[ switch-options interface-mac-limit ... ]\n[ switch-options interface <interface> interface-mac-limit ... ]\n\n\n[ vlans <vlan> switch-options interface <interface> interface-mac-limit ... ]\n\n\n[ vlans <vlan> switch-options mac-table-size ... ]\n[ protocols l2-learning global-mac-limit ... ]\n[ vlans <vlan> switch-options mac-move-limit drop/drop-and-log ]"}],"datePublic":"2024-10-09T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br><br>Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.<br><br><p></p><p>This issue affects Junos OS Evolved on QFX5000 Series:</p><p></p><ul><li>All versions before 21.4R3-S8-EVO,</li><li><span style=\"background-color: var(--wht);\">22.2-EVO versions before 22.2R3-S5-EVO,</span><br></li><li><span style=\"background-color: var(--wht);\">22.4-EVO versions before 22.4R3-EVO,</span></li><li><span style=\"background-color: var(--wht);\">23.2-EVO versions before 23.2R2-EVO.</span><br></li></ul><p></p>"}],"value":"An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nSeveral configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic.\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  All versions before 21.4R3-S8-EVO,\n  *  22.2-EVO versions before 22.2R3-S5-EVO,\n\n  *  22.4-EVO versions before 22.4R3-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"CWE 447 Unimplemented or Unsupported Feature in UI","lang":"en"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-10-11T15:30:02.282Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA88128"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue: <span style=\"background-color: rgb(255, 255, 255);\">21.4R3-S8-EVO, 22.2R3-S5-EVO*, 22.4R3-EVO, 23.2R2-EVO</span>, 23.4R1-EVO, and all subsequent releases.<br>(* future release)"}],"value":"The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S5-EVO*, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n(* future release)"}],"source":{"advisory":"JSA88128","defect":["1705911"],"discovery":"USER"},"title":"Junos OS Evolved: QFX5000 Series: Configured MAC learning and move limits are not in effect","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue."}],"value":"There are no known workarounds for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-11T17:37:51.441062Z","id":"CVE-2024-47498","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-11T17:38:01.248Z"}}]}}