Juniper Networks Junos OS vulnerable to Improper Validation of Specified Type of Input flaw
CVE-2024-47504

7.5HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 11 October 2024

Summary

The vulnerability identified in Juniper Networks' Junos OS on the SRX5000 Series pertains to an improper validation of specified types of input. This flaw allows an unauthenticated network-based attacker to exploit the packet forwarding engine, leading to a Denial of Service (DoS) condition. When the device receives a specially crafted malformed packet, it may trigger a crash and subsequent restart of the flowd process, impacting the availability of the network services. Affected versions of the Junos OS include various releases within the 22.x, 23.x, and 24.x series, highlighting the importance of timely updates and patches to mitigate potential risks.

Affected Version(s)

Junos OS SRX5000 Series 22.2 < 22.2R3-S5

Junos OS SRX5000 Series 22.3 < 22.3R3-S4

Junos OS SRX5000 Series 22.4 < 22.4R3-S4

References

https://supportportal.juniper.net/JSA88134

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 25, 2024

Collectors

NVD DatabaseMitre Database