What is the severity of CVE-2024-47494?

CVE-2024-47494 has a high severity rating due to its potential impact on system integrity and availability.

How do I fix CVE-2024-47494?

To fix CVE-2024-47494, update your Juniper Networks Junos OS to the latest available version that addresses this vulnerability.

What systems are affected by CVE-2024-47494?

CVE-2024-47494 affects Juniper Networks Junos OS versions up to but not including 21.4R3-S9.

What kind of attack does CVE-2024-47494 enable?

CVE-2024-47494 allows an attacker to exploit a race condition, potentially leading to manipulation of established session impacts.

Is there a workaround for CVE-2024-47494?

No specific workaround is recommended for CVE-2024-47494; updating to a secure version is the best response.

Vulnerability/
CVE-2024-47494

high

8.2

CWE

367 362

11/10/2024

15/10/2024

CVE-2024-47494: Junos OS: Due to a race condition AgentD process causes a memory corruption and FPC reset

First published: Fri Oct 11 2024(Updated: )

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	<21.4R3-S9>undefined>undefined>undefined>undefined>undefined

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S3, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://supportportal.juniper.net/JSA88121

Frequently Asked Questions

What is the severity of CVE-2024-47494?
CVE-2024-47494 has a high severity rating due to its potential impact on system integrity and availability.
How do I fix CVE-2024-47494?
To fix CVE-2024-47494, update your Juniper Networks Junos OS to the latest available version that addresses this vulnerability.
What systems are affected by CVE-2024-47494?
CVE-2024-47494 affects Juniper Networks Junos OS versions up to but not including 21.4R3-S9.
What kind of attack does CVE-2024-47494 enable?
CVE-2024-47494 allows an attacker to exploit a race condition, potentially leading to manipulation of established session impacts.
Is there a workaround for CVE-2024-47494?
No specific workaround is recommended for CVE-2024-47494; updating to a secure version is the best response.

agent/references
agent/weakness
agent/remedy
agent/title
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/juniper networks
canonical/juniper junos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.