CVE-2024-47504

EPSS 0.31%
Veröffentlicht 11.10.2024 16:15:11
Zuletzt bearbeitet 15.10.2024 12:58:51
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos).

When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart.

This issue affects Junos OS:

  *  22.1 releases 22.1R1 and later before 22.2R3-S5,
  *  22.3 releases before 22.3R3-S4,
  *  22.4 releases before 22.4R3-S4,
  *  23.2 releases before 23.2R2-S2,
  *  23.4 releases before 23.4R2-S1,
  *  24.2 releases before 24.2R1-S1, 24.2R2.


Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerjuniper

≫

Produkt junos

Default Statusunaffected

Version < 22.2r3-s5

Version 22.2

Status affected

Version < 22.3r3-s4

Version 22.3

Status affected

Version < 22.4r3-s4

Version 22.4

Status affected

Version < 23.2r2-s2

Version 23.2

Status affected

Version < 23.4r2-s1

Version 23.4

Status affected

Version < 24.2r1-s1

Version 24.2

Status affected

Version < 24.2r2

Version 24.2

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.535

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

https://supportportal.juniper.net/JSA88134

https://nvd.nist.gov/vuln/detail/CVE-2024-47504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47504

EUVD