Uncontrolled Resource Consumption Vulnerability Can Cause Denial-of-Service (DoS) on Juniper Networks Devices
CVE-2024-47497

7.5 HIGH

Key Information:

CVE Published: 11 October 2024

Summary

An Uncontrolled Resource Consumption vulnerability exists in the HTTP daemon (httpd) of Juniper Networks' Junos OS. An unauthenticated, network-based attacker can trigger it by sending specific HTTPS connection requests, which cause processes to be created that do not terminate properly. These lingering processes deplete system resources, so affected devices, such as those in the SRX, QFX, MX, and EX Series, can become unresponsive and ultimately crash, requiring a restart. Impacted users can monitor resource utilization with system commands.

Affected Version(s)

Junos OS SRX Series 0 < 21.4R3-S7

Junos OS SRX Series 22.2 < 22.2R3-S4

Junos OS SRX Series 22.3 < 22.3R3-S3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database