{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47496", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-09-25T15:26:52.609Z", "datePublished": "2024-10-11T15:28:13.727Z", "dateUpdated": "2024-10-11T17:42:39.299Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S9", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S4", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S1", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A&nbsp;NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).<br><br>When a specific command is executed, the pfe crashes.&nbsp;<span style=\"background-color: rgb(251, 251, 251);\">This will cause traffic forwarding to be interrupted until the system self-recovers. R<span style=\"background-color: rgb(255, 255, 255);\">epeated execution will create a sustained DoS condition.<br><br> </span></span>This issue only affects MX Series devices with Line cards MPC1-MPC9.<br><p>This issue affects:<br>Junos OS on MX Series: <br></p><ul><li>All versions before 21.4R3-S9, </li><li>from 22.2 before 22.2R3-S5,&nbsp;</li><li>from 22.3 before 22.3R3-S4, </li><li>from 22.4 before 22.4R3-S2, </li><li>from 23.2 before 23.2R2-S1, </li><li>from 23.4 before 23.4R2.</li></ul><p></p>"}], "value": "A\u00a0NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific command is executed, the pfe crashes.\u00a0This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.\n\n This issue only affects MX Series devices with Line cards MPC1-MPC9.\nThis issue affects:\nJunos OS on MX Series: \n\n\n * All versions before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:28:13.727Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."}], "value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."}], "source": {"advisory": "JSA88123", "defect": ["1784593"], "discovery": "INTERNAL"}, "title": "Junos OS: MX Series: The PFE will crash on running specific command", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.<br>Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br>"}], "value": "There are no known workarounds for this issue.\nUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T17:42:30.490508Z", "id": "CVE-2024-47496", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:42:39.299Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47496", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-09-25T15:26:52.609Z", "datePublished": "2024-10-11T15:28:13.727Z", "dateUpdated": "2024-10-11T17:42:39.299Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S9", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S4", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S2", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S1", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A&nbsp;NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).<br><br>When a specific command is executed, the pfe crashes.&nbsp;<span style=\"background-color: rgb(251, 251, 251);\">This will cause traffic forwarding to be interrupted until the system self-recovers. R<span style=\"background-color: rgb(255, 255, 255);\">epeated execution will create a sustained DoS condition.<br><br> </span></span>This issue only affects MX Series devices with Line cards MPC1-MPC9.<br><p>This issue affects:<br>Junos OS on MX Series: <br></p><ul><li>All versions before 21.4R3-S9, </li><li>from 22.2 before 22.2R3-S5,&nbsp;</li><li>from 22.3 before 22.3R3-S4, </li><li>from 22.4 before 22.4R3-S2, </li><li>from 23.2 before 23.2R2-S1, </li><li>from 23.4 before 23.4R2.</li></ul><p></p>"}], "value": "A\u00a0NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific command is executed, the pfe crashes.\u00a0This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.\n\n This issue only affects MX Series devices with Line cards MPC1-MPC9.\nThis issue affects:\nJunos OS on MX Series: \n\n\n * All versions before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:28:13.727Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."}], "value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."}], "source": {"advisory": "JSA88123", "defect": ["1784593"], "discovery": "INTERNAL"}, "title": "Junos OS: MX Series: The PFE will crash on running specific command", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.<br>Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br>"}], "value": "There are no known workarounds for this issue.\nUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47496", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T17:42:30.490508Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:42:35.236Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A\u00a0NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific command is executed, the pfe crashes.\u00a0This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.\n\n This issue only affects MX Series devices with Line cards MPC1-MPC9.\nThis issue affects:\nJunos OS on MX Series: \n\n\n * All versions before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R2."}, {"lang": "es", "value": "Una vulnerabilidad de desreferencia de puntero nulo en el motor de reenv\u00edo de paquetes (pfe) de Juniper Networks Junos OS permite a un atacante local con pocos privilegios provocar una denegaci\u00f3n de servicio (DoS). Cuando se ejecuta un comando espec\u00edfico, el pfe se bloquea. Esto provocar\u00e1 que el reenv\u00edo de tr\u00e1fico se interrumpa hasta que el sistema se recupere por s\u00ed solo. La ejecuci\u00f3n repetida crear\u00e1 una condici\u00f3n de DoS sostenida. Este problema solo afecta a los dispositivos de la serie MX con tarjetas de l\u00ednea MPC1-MPC9. Este problema afecta a: Junos OS en la serie MX: * Todas las versiones anteriores a 21.4R3-S9, * desde 22.2 hasta 22.2R3-S5, * desde 22.3 hasta 22.3R3-S4, * desde 22.4 hasta 22.4R3-S2, * desde 23.2 hasta 23.2R2-S1, * desde 23.4 hasta 23.4R2."}], "id": "CVE-2024-47496", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "AUTOMATIC", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-10-11T16:15:10.080", "references": [{"source": "[email protected]", "url": "https://supportportal.juniper.net/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{}