CVE-2024-47502
📋 TL;DR
An unauthenticated network attacker can cause a denial of service (DoS) on Juniper Junos OS Evolved by exploiting a resource exhaustion vulnerability in the kernel. The vulnerability occurs when terminated TCP sessions aren't properly cleared, eventually preventing new control plane connections. This affects IPv4 TCP sessions established in-band but not IPv6 or out-of-band management connections.
💻 Affected Systems
- Juniper Networks Junos OS Evolved
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service preventing all new control plane connections, requiring manual routing engine restart to recover.
Likely Case
Gradual performance degradation leading to partial DoS as TCP session resources are exhausted over time.
If Mitigated
Limited impact if systems are patched or workarounds are implemented to monitor and manage TCP connections.
🎯 Exploit Status
Exploitation requires establishing and terminating TCP connections to trigger resource exhaustion.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R2-EVO or later
Vendor Advisory: https://supportportal.juniper.net/JSA88132
Restart Required: Yes
Instructions:
1. Download appropriate patch version from Juniper support portal. 2. Apply patch using Junos OS Evolved update procedures. 3. Restart routing engine to apply fix.
🔧 Temporary Workarounds
Monitor TCP Connection Count
allRegularly monitor TCP connection counts to detect abnormal increases and restart routing engine before DoS occurs.
user@host > show system connections
Limit In-band TCP Connections
allImplement network controls to limit TCP connections to control plane interfaces where possible.
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to control plane interfaces
- Deploy rate limiting or connection limiting on network devices in front of vulnerable systems
🔍 How to Verify
Check if Vulnerable:
Check current Junos OS Evolved version and compare against affected versions list. Monitor 'show system connections' for continuously increasing connection counts.Check Version:
user@host > show versionVerify Fix Applied:
Verify version is patched to one of the fixed versions and monitor that TCP connection counts stabilize after patch application.📡 Detection & Monitoring
Log Indicators:
- Increasing TCP connection counts in system logs
- Control plane connection failures
Network Indicators:
- Unusual TCP connection patterns to control plane interfaces
- Failed connection attempts to management services
SIEM Query:
source="junos" AND ("TCP connection" OR "control plane") AND (count>threshold OR "failed to establish")