CVE-2024-47504: Improper Validation of Specified Type of Input in Networks Junos OS

Severity: 8.7 HIGH (NVD)
EPSS: 0.2% (top 53.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 11

Description

An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a non-clustered SRX5000 device receives a specifically malformed packet, this causes a flowd crash and restart.

This issue affects Junos OS:
* 22.1 releases 22.1R1 and later before 22.2R3-S5,
* 22.3 releases before 22.3R3-S4,
* 22.4 releases before 22.4R3-S

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages: 2 packages

CVEListV5: juniper_networks/junos_os, 22.2, 22.2R3-S5, +5
NVD: juniper/junos, 6 versions, +5

🔴 Vulnerability Details (2)

GHSA: GHSA-4477-rpcx-r84q: An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allo (2024-10-11)
CVEList: Junos OS: SRX5000 Series: Receipt of a specific malformed packet will cause a flowd crash (2024-10-11)

📋 Vendor Advisories (1)

Juniper: CVE-2024-47504: An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allo (2024-10-11)
CVE-2024-47504 — Networks Junos OS vulnerability | cvebase