CVE-2024-47502

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 770

Summary

CVE-2024-47502 is a vulnerability in Juniper Networks' Junos OS Evolved that allows unauthenticated, network-based attackers to induce a Denial of Service (DoS) by exhausting TCP session resources. This issue affects all versions prior to 21.4R3-S9-EVO, as well as specific 22.2 and 22.4 versions before designated thresholds, and it is limited to IPv4 TCP sessions established in-band. The problem arises from the failure to clear the state of terminated TCP sessions, leading to resource exhaustion over time. Once resources are exhausted, recovery requires manually restarting the respective Routing Engine (RE); however, this does not address the underlying vulnerability. Organizations should prioritize updating their systems to the latest patched versions to mitigate this high-severity risk, which has an exploitability score of 3.9 and can significantly impact availability.
