CVE-2024-47497

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 404
CWE ID 400

Summary

CVE-2024-47497 is an uncontrolled resource consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series, and EX Series devices. It allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS): specific HTTPS connection requests cause processes to be created that are never properly terminated. Over time, this leads to resource exhaustion, and the device ultimately crashes and restarts.

To monitor resource usage, run the command "show system processes extensive | match mgd | count" on the host.

The vulnerability affects Junos OS on SRX Series and EX Series in the following versions: all versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, and from 23.4 before 23.4R1-S2 and 23.4R2.
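The version ranges above can be checked against a device inventory with a short script. This is an added example, not Juniper's or the page's own code; it assumes R-type release strings such as 22.2R3-S4 (an optional trailing build number is ignored), and the hostnames and sample versions are constructed.

```python
import re

# Thresholds copied from the summary above (R-type releases only).
ALL_BEFORE = "21.4R3-S7"  # every release before this one is listed as affected
TRAIN_FIXES = ["22.2R3-S4", "22.3R3-S3", "22.4R3-S2", "23.2R2-S1", "23.4R1-S2"]

# Assumption: strings look like 22.2R3-S4 or 22.2R3-S4.5 (build number ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (major, minor, R-number, S-number); a missing -S counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, rel, spin = m.groups()
    return (int(major), int(minor), int(rel), int(spin or 0))

def in_listed_range(version):
    """True if the version falls in a range the summary lists as affected.

    False means "not in a listed range" (for example a train the page does
    not mention), not a statement that the release is fixed.
    """
    v = parse(version)
    if v < parse(ALL_BEFORE):
        return True
    for fix in TRAIN_FIXES:
        f = parse(fix)
        # Per-train ranges apply only within the same major.minor train.
        if v[:2] == f[:2] and v < f:
            return True
    return False

def audit(inventory):
    """Return (hosts in a listed range, hosts whose version could not be parsed)."""
    flagged, unknown = [], []
    for host, version in inventory.items():
        try:
            if in_listed_range(version):
                flagged.append(host)
        except ValueError:
            unknown.append(host)
    return flagged, unknown

# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE = {"srx-edge-1": "21.4R3-S6.2", "ex-access-7": "23.4R2",
          "srx-dc-2": "23.4R1-S1", "ex-lab-3": "22.3X1"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts returned in the second list need a manual check against the vendor advisory, since the script does not interpret non-R release types.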
