CVE-2024-47496

Summary

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).

When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.

This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series:

  • All versions before 21.4R3-S9,
  • from 22.2 before 22.2R3-S5, 
  • from 22.3 before 22.3R3-S4,
  • from 22.4 before 22.4R3-S2,
  • from 23.2 before 23.2R2-S1,
  • from 23.4 before 23.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.4R3-S9affected
Juniper NetworksJunos OS22.2 < 22.2R3-S5affected
Juniper NetworksJunos OS22.3 < 22.3R3-S4affected
Juniper NetworksJunos OS22.4 < 22.4R3-S2affected
Juniper NetworksJunos OS23.2 < 23.2R2-S1affected
Juniper NetworksJunos OS23.4 < 23.4R2affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

Workarounds

There are no known workarounds for this issue. Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References