CVE-2024-47506

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 833

Summary

CVE-2024-47506 is a deadlock vulnerability affecting Juniper Networks Junos OS on SRX Series devices, specifically versions prior to 21.3R3-S1, 21.4 versions before 21.4R3, 22.1 versions before 22.1R2, and 22.2 versions before 22.2R1-S2 and 22.2R2. It allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS): the packet forwarding engine (PFE) crashes when a high volume of traffic is processed through ATP Cloud inspection. Remediation is to upgrade affected systems to the fixed Junos OS releases listed in Juniper's security advisory JSA88137. The potential danger includes significant downtime and service disruption; the exploitability score is 2.2, and the issue is rated medium severity with high impact on availability. The attack requires no user interaction and no privileges, which raises the risk for organizations running vulnerable systems.
