A NULL Pointer Dereference vulnerability in the
packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.
This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:
* All version before 21.2R3-S1,
* 21.3 versions before 21.3R3,
* 21.4 versions before 21.4R2.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://supportportal.juniper.net/JSA88131 |
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 11 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C: * All version before 21.2R3-S1, * 21.3 versions before 21.3R3, * 21.4 versions before 21.4R2. | |
Title | Junos OS: MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C: In a VPLS or Junos Fusion scenario specific show commands cause FPCs to crash | |
Weaknesses | CWE-476 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2024-10-11T15:31:12.115Z
Updated: 2024-10-11T17:31:13.526Z
Reserved: 2024-09-25T15:26:52.609Z
Link: CVE-2024-47501
Vulnrichment
Updated: 2024-10-11T17:31:09.998Z
NVD
Status : Awaiting Analysis
Published: 2024-10-11T16:15:11.167
Modified: 2024-10-15T12:58:51.050
Link: CVE-2024-47501
Redhat
No data.