ГлавнаяУязвимости → CVE-2024-47497
7.5высокая

CVE-2024-47497

→ есть в БДУ: BDU:2024-08473 (на русском)
Описание (на английском; русское — в БДУ выше)

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2.

Затрагиваемое ПО
Juniper JunosJuniper Ex2300Juniper Ex2300-cJuniper Ex3400Juniper Ex4000Juniper Ex4100Juniper Ex4100-fJuniper Ex4100-hJuniper Ex4300Juniper Ex4400Juniper Ex4600Juniper Ex4650Juniper Ex9204Juniper Ex9208Juniper Ex9214Juniper Mx10004Juniper Mx10008Juniper Mx2008Juniper Mx2010Juniper Mx2020Juniper Mx204Juniper Mx240Juniper Mx304Juniper Mx480Juniper Mx960
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://supportportal.juniper.net/