CVE-2024-47502
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47502 is a vulnerability in Juniper Networks' Junos OS Evolved that allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) by exhausting TCP session resources. The issue affects all versions prior to 21.4R3-S9-EVO, as well as specific 22.2 and 22.4 versions before designated thresholds. Only IPv4 TCP sessions established in-band are affected. The root cause is that the state of terminated TCP sessions is not cleared, so resources are exhausted over time. Remediation involves manually restarting the respective Routing Engine (RE) when resource exhaustion occurs; however, this does not address the underlying vulnerability. Organizations should prioritize updating their systems to the latest patched versions to mitigate this high-severity risk, which has an exploitability score of 3.9 and can significantly impact availability.