CVE-2024-47490
📋 TL;DR
An unauthenticated, network-based attacker who can deliver specific transit MPLS packets to a Juniper ACX 7000 Series device running a vulnerable Junos OS Evolved release can trigger a flaw in the Packet Forwarding Engine (PFE): instead of being handled in the forwarding plane, the packets are punted to the Routing Engine (RE). A sustained stream of such packets exhausts RE resources and causes a denial of service. No MPLS configuration is required on the device for the issue to be triggered.
💻 Affected Systems
- Juniper Networks ACX 7000 Series
📦 What is this software?
Junos OS Evolved is Juniper's Linux-based network operating system; the ACX 7000 Series is Juniper's family of metro and aggregation routers that runs it.
⚠️ Risk & Real-World Impact
Worst Case
Complete device outage: Routing Engine resource exhaustion disrupts all traffic transiting the affected device.
Likely Case
Degraded performance and intermittent service disruption for as long as the attacker sustains the packet stream.
If Mitigated
Minimal impact where MPLS traffic from untrusted sources is filtered before it reaches the device and the device is not reachable from untrusted networks.
🎯 Exploit Status
Unauthenticated and network-based: the attacker only needs to deliver a sustained stream of the specific transit MPLS packets to a vulnerable device. No credentials and no MPLS configuration on the target are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO or later
Vendor Advisory: https://supportportal.juniper.net/JSA83009
Restart Required: Yes
Instructions:
1. Download the fixed release for your platform from the Juniper support portal.
2. Back up the current configuration.
3. Install the update following Juniper's Junos OS Evolved upgrade procedure.
4. Reboot the device to apply the change.
🔧 Temporary Workarounds
Filter MPLS traffic
Apply firewall filters or upstream ACLs to discard MPLS-labeled packets arriving from untrusted sources, so that only trusted MPLS peers can reach the device.
Network segmentation
Isolate ACX 7000 devices from untrusted networks and limit which neighbors are able to send MPLS traffic to them.
🧯 If You Can't Patch
- Enforce strict network segmentation so that only trusted peers can deliver MPLS traffic to the device
- Rate-limit or drop MPLS-labeled traffic from untrusted sources at upstream devices; an intrusion prevention system only helps here if it sits in the path and can police MPLS traffic before it reaches the ACX
🔍 How to Verify
Check if Vulnerable:
Run show version on each ACX 7000 device and compare the reported Junos OS Evolved release with the fixed version for the same release train listed above; any earlier release in that train, or any release in an older train, is affected.
Check Version:
show version | match Junos
Verify Fix Applied:
Confirm that the installed release is the fixed version for its train or later, then monitor Routing Engine CPU and memory for abnormal consumption.
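To make the version check repeatable across a fleet, here is an added Python example (it is not part of this page or of Juniper's advisory) that pulls the Junos: line out of show version output, parses the Junos OS Evolved release string, and compares it with the fixed releases listed above for the same train. The sample show version output is constructed. Two points are assumptions: trains newer than 23.4 are reported as fixed under the "or later" reading, and trains this page does not list at all (for example 22.1) are reported as "unlisted" rather than guessed, so they should be checked against JSA83009.

```python
import re
from typing import NamedTuple

# Fixed releases exactly as listed on this page, keyed by release train.
FIXED_BY_TRAIN = {
    (21, 4): "21.4R3-S9-EVO",
    (22, 2): "22.2R3-S4-EVO",
    (22, 3): "22.3R3-S3-EVO",
    (22, 4): "22.4R3-S2-EVO",
    (23, 2): "23.2R2-EVO",
    (23, 4): "23.4R1-S1-EVO",
}

# <major>.<minor>R<release>[-S<service>][.<build>]-EVO, e.g. 22.4R3-S1.2-EVO
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:-S(?P<service>\d+))?(?:\.(?P<build>\d+))?-EVO$"
)


class JunosEvo(NamedTuple):
    """Fields are ordered so plain tuple comparison gives release ordering."""
    major: int
    minor: int
    release: int
    service: int   # 0 when there is no -S suffix
    build: int     # 0 when there is no .build suffix

    @property
    def train(self) -> tuple:
        return (self.major, self.minor)


def parse_version(text: str) -> JunosEvo:
    """Parse a Junos OS Evolved release string; reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a Junos OS Evolved version string: {text!r}")
    g = m.groupdict()
    return JunosEvo(int(g["major"]), int(g["minor"]), int(g["release"]),
                    int(g["service"] or 0), int(g["build"] or 0))


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for CVE-2024-47490."""
    v = parse_version(version)
    if v.train < min(FIXED_BY_TRAIN):
        return "vulnerable"   # "all versions before 21.4R3-S9-EVO"
    if v.train in FIXED_BY_TRAIN:
        fixed = parse_version(FIXED_BY_TRAIN[v.train])
        return "fixed" if v >= fixed else "vulnerable"
    if v.train > max(FIXED_BY_TRAIN):
        return "fixed"        # assumption: the "or later" reading for newer trains
    return "unlisted"         # train not on this page; check JSA83009 instead


def version_from_show_version(output: str) -> str:
    """Pull the release string from the 'Junos:' line of show version output."""
    for line in output.splitlines():
        if line.strip().startswith("Junos:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Junos:' line found in show version output")


def check(output: str) -> tuple:
    """(release string, classification) for one device's show version output."""
    version = version_from_show_version(output)
    return version, classify(version)


# Constructed sample of show version output from a hypothetical ACX 7000.
SAMPLE_SHOW_VERSION = """\
Hostname: acx7100-pe1
Model: acx7100-48l
Junos: 22.4R3-S1.2-EVO
"""

if __name__ == "__main__":
    print(check(SAMPLE_SHOW_VERSION))   # ('22.4R3-S1.2-EVO', 'vulnerable')
```

Feed check() the captured output of show version from each device (for example collected over SSH or from an inventory export); a result of "unlisted" means the page's fixed-version table says nothing about that train, and the advisory itself is the authority.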
📡 Detection & Monitoring
Log Indicators:
- High CPU/memory usage on Routing Engine
- Packet forwarding errors
- Resource exhaustion warnings
Network Indicators:
- Unusual MPLS traffic patterns to ACX 7000 devices
- Increased packet drops or latency
SIEM Query (Splunk-style; adjust the source to wherever your ACX syslog is indexed):
source="juniper-firewall" AND ("MPLS" OR "resource exhaustion" OR "high cpu")