CVE-2024-47494: Time-of-check Time-of-use (TOCTOU) Race Condition in Networks Junos OS

Severity
8.2 HIGH (NVD)
EPSS
0.3%
top 49.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 11

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The F

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 22.2 22.2R3-S5 +5
NVD: juniper/junos < 21.4 +6

🔴 Vulnerability Details

2
GHSA
GHSA-f3wp-gx52-q6g2: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already (2024-10-11)
CVEList
Junos OS: Due to a race condition AgentD process causes a memory corruption and FPC reset (2024-10-11)

📋 Vendor Advisories

1
Juniper
CVE-2024-47494: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already (2024-10-11)