How severe is CVE-2024-47494?

This vulnerability has a severity rating of HIGH with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-47494?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2024-47494 - HIGH Severity | CVSS 5.9

Vulnerability Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved.

Related Vulnerabilities

CVE-2018-1121

MEDIUM

CVSS:5.9(Medium)

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use...

CWE-3672018

CVE-2019-18644

MEDIUM

CVSS:5.9(Medium)

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.

CWE-3672019

CVE-2019-20000

MEDIUM

CVSS:5.9(Medium)

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

CWE-3672019

CVE-2020-3808

MEDIUM

CVSS:5.9(Medium)

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

CWE-3672020

CVE-2020-8890

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of i...

CWE-3672020

CVE-2021-30342

MEDIUM

CVSS:5.9(Medium)

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snap...

CWE-3672021