CVE-2024-47502

Oct 12, 2024

Published Date: 2024-10-11T16:15:11.413

Last Modified: 2024-10-11T16:15:11.413

CVSS Score: 7.5 (HIGH)

EPSS Score: 0.05%

Risk Score: 5.25 (HIGH)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.

CVSS: 7.5 | EPSS: 0.05%

NVD Links:

https://nvd.nist.gov/vuln/detail/CVE-2024-47502

Description: An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).

In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established.

A continuously increasing number of connections shown by:

user@host > show system connections

is indicative of the problem. To recover the respective RE needs to be restarted manually.

This issue only affects IPv4 but does not affect IPv6.
This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine).

This issue affects Junos OS Evolved:

* All versions before 21.4R3-S9-EVO,
* 22.2 versions before 22.2R3-S4-EVO,
* 22.4 version before 22.4R3-S3-EVO,
* 23.2 versions before 23.2R2-S1-EVO,
* 23.4 versions before 23.4R2-EVO.

Mitre ATT&CK Technical v15.1

T1153 – Source
T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:
Attack Techniques:
– T1153 – Source : An attacker can exploit the vulnerability to generate excessive TCP connections, leading to resource exhaustion on the Junos OS Evolved kernel.
– T1053.002 – At : By leveraging this vulnerability, an attacker can orchestrate a Denial of Service (DoS) attack, effectively making the control plane of the device unreachable by legitimate users.

Possible Outcomes of Exploitation:
– Denial of Service (DoS) affecting the control plane, preventing new legitimate connections.
– Increased operational costs and downtime due to the need for manual intervention (restarting the Routing Engine).
– Potential for service disruption in networks relying on Juniper devices for routing, impacting business continuity.

2. Mitigation Measures:
– Upgrade to Junos OS Evolved version 21.4R3-S9-EVO or later.
– Upgrade to Junos OS Evolved version 22.2R3-S4-EVO or later.
– Upgrade to Junos OS Evolved version 22.4R3-S3-EVO or later.
– Upgrade to Junos OS Evolved version 23.2R2-S1-EVO or later.
– Upgrade to Junos OS Evolved version 23.4R2-EVO or later.
– Implement network segmentation to limit exposure of affected devices.
– Monitor TCP connection counts and set alerts for abnormal increases.
– Restrict access to in-band management interfaces.

The content above is generated by AI. Please review and consider carefully before applying!

Reference Links

https://supportportal.juniper.net/JSA88132

Vendor - Produce - Version

None

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.