CVE-2024-47497

{"id": "CVE-2024-47497", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-11T16:15:10.340", "references": [{"url": "https://supportportal.juniper.net/", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS).\n\nAn attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart.\n\nThe following command can be used to monitor the resource usage:\nuser@host> show system processes extensive | match mgd | count\n\nThis issue affects Junos OS on SRX Series and EX Series:\nAll versions before 21.4R3-S7,\nfrom 22.2 before 22.2R3-S4,\nfrom 22.3 before 22.3R3-S3,\nfrom 22.4 before 22.4R3-S2,\nfrom 23.2 before 23.2R2-S1,\nfrom 23.4 before 23.4R1-S2, 23.4R2."}, {"lang": "es", "value": "Una vulnerabilidad de consumo descontrolado de recursos en el daemon http (httpd) del sistema operativo Junos de Juniper Networks en las series SRX, QFX, MX y EX permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Un atacante puede enviar solicitudes de conexi\u00f3n HTTPS espec\u00edficas al dispositivo, lo que desencadena la creaci\u00f3n de procesos que no se terminan correctamente. Con el tiempo, esto conduce al agotamiento de los recursos, lo que finalmente hace que el dispositivo se bloquee y se reinicie. Se puede utilizar el siguiente comando para supervisar el uso de los recursos: user@host> show system processes comprehensive | match mgd | Este problema afecta a Junos OS en las series SRX y EX: todas las versiones anteriores a 21.4R3-S7, desde 22.2 hasta 22.2R3-S4, desde 22.3 hasta 22.3R3-S3, desde 22.4 hasta 22.4R3-S2, desde 23.2 hasta 23.2R2-S1, desde 23.4 hasta 23.4R1-S2, 23.4R2."}], "lastModified": "2024-10-15T12:58:51.050", "sourceIdentifier": "sirt@juniper.net"}