CVE-2024-47505

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 770

Summary

CVE-2024-47505 is a vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks' Junos OS Evolved that allows authenticated, network-based attackers to induce a Denial of Service (DoS) by causing FPC crashes through specific SNMP GET operations or low-privileged CLI commands. The issue is a GUID resource leak: the leak leads to resource exhaustion that can hang affected FPCs, which then require a manual restart to recover. Organizations can monitor for this leak using the command "show platform application-info allocations app evo-pfemand/evo-pfemand", paying attention to the rightmost column, labeled "Guids." Remediation involves limiting access to the affected components and regularly monitoring system resources to prevent excessive consumption. The vulnerability has a medium severity score, with a high impact on availability, low attack complexity, and low privileges required.
