CVE-2024-47497 — HIGH (7.5)

Q: How severe is CVE-2024-47497?

CVE-2024-47497 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47497?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex3400, Juniper Ex4000.

Vulnerability Description

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 21.4
Juniper	Ex2300	-
Juniper	Ex2300-C	-
Juniper	Ex3400	-
Juniper	Ex4000	-
Juniper	Ex4100	-
Juniper	Ex4100-F	-
Juniper	Ex4100-H	-
Juniper	Ex4300	-
Juniper	Ex4400	-
Juniper	Ex4600	-
Juniper	Ex4650	-
Juniper	Ex9204	-
Juniper	Ex9208	-
Juniper	Ex9214	-
Juniper	Mx10004	-
Juniper	Mx10008	-
Juniper	Mx2008	-
Juniper	Mx2010	-
Juniper	Mx2020	-

Related Weaknesses (CWE)

CWE-400

References

https://supportportal.juniper.net/Permissions Required

FAQ

What is CVE-2024-47497?

CVE-2024-47497 is a vulnerability with a CVSS score of 7.5 (HIGH). An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based a...

How severe is CVE-2024-47497?

CVE-2024-47497 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47497?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex3400, Juniper Ex4000.