CVE-2024-47497

EPSS 0.24%
Veröffentlicht 11.10.2024 16:15:10
Zuletzt bearbeitet 15.10.2024 12:58:51
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS).

An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart.

The following command can be used to monitor the resource usage:
user@host> show system processes extensive | match mgd | count

This issue affects Junos OS on SRX Series and EX Series:
All versions before 21.4R3-S7,
from 22.2 before 22.2R3-S4,
from 22.3 before 22.3R3-S3,
from 22.4 before 22.4R3-S2,
from 23.2 before 23.2R2-S1,
from 23.4 before 23.4R1-S2, 23.4R2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerjuniper

≫

Produkt junos

Default Statusunaffected

Version < 21.4r3-s7

Version 0

Status affected

Version < 22.2r3-s4

Version 22.2

Status affected

Version < 22.3r3-s3

Version 22.3

Status affected

Version < 22.4r3-s2

Version 22.4

Status affected

Version < 23.2r2-s1

Version 23.2

Status affected

Version < 23.4r1-s2

Version 23.4

Status affected

Version < 23.4r2

Version 23.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://supportportal.juniper.net/

https://nvd.nist.gov/vuln/detail/CVE-2024-47497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47497

EUVD