CVE-2024-47494

EPSS 0.11%
Published 11.10.2024 16:15:09
Last modified 15.10.2024 12:58:51
Source sirt@juniper.net
Teams watchlist Login
Open Login

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS).





The FPC will recover automatically without user intervention after the crash.
This issue affects Junos OS: 

  *  All versions before 21.4R3-S9
  *  From 22.2 before 22.2R3-S5,
  *  From 22.3 before 22.3R3-S4,
  *  From 22.4 before 22.4R3-S3,
  *  From 23.2 before 23.2R2-S2,
  *  From 23.4 before 23.4R2.


This issue does not affect Junos OS Evolved.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorJuniper Networks

≫

Product Junos OS

Default Statusunaffected

Version < 21.4R3-S9

Version 0

Status affected

Version < 22.2R3-S5

Version 22.2

Status affected

Version < 22.3R3-S4

Version 22.3

Status affected

Version < 22.4R3-S3

Version 22.4

Status affected

Version < 23.2R2-S2

Version 23.2

Status affected

Version < 23.4R2

Version 23.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.308

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	8.2	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Green

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://supportportal.juniper.net/JSA88121

https://nvd.nist.gov/vuln/detail/CVE-2024-47494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47494

EUVD