CVE-2024-47489
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Summary
CVE-2024-47489 is an Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on ACX Series devices. It allows an unauthenticated, network-based attacker to send specific transit protocol traffic that causes a partial Denial of Service (DoS) to downstream devices. The Routing Engine (RE) incorrectly processes these packets, leading to DDoS protection queue violations and protocol flaps that impact connectivity to networking devices. The issue affects both IPv4 and IPv6 and does not require any specific routing protocol to be configured or enabled. The DDoS protection queue can be monitored with the 'show evo-pfemand host pkt-stats' and 'show host-path ddos all-policers' commands. Junos OS Evolved versions prior to 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, and 23.4R2-EVO are susceptible to this issue.