CVE-2024-47496

Published: Oct 11, 2024Modified: Jan 26, 2026

6.8

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:XShow less

Source: sirt@juniper.net (Secondary)

Description

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Affected (61)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

61 vulnerable · 32 platform

Vulnerable Software	Affected Versions
Juniper Junos	Before 21.4
Juniper Junos	Version 21.4
Juniper Junos	Version 21.4 r1-s1
Juniper Junos	Version 21.4 r1-s2
Juniper Junos	Version 21.4 r1
Juniper Junos	Version 21.4 r2-s1
Juniper Junos	Version 21.4 r2-s2
Juniper Junos	Version 21.4 r2
Juniper Junos	Version 21.4 r3-s10
Juniper Junos	Version 21.4 r3-s11
Juniper Junos	Version 21.4 r3-s12
Juniper Junos	Version 21.4 r3-s1
Juniper Junos	Version 21.4 r3-s2
Juniper Junos	Version 21.4 r3-s3
Juniper Junos	Version 21.4 r3-s4
Juniper Junos	Version 21.4 r3-s5
Juniper Junos	Version 21.4 r3-s6
Juniper Junos	Version 21.4 r3-s7
Juniper Junos	Version 21.4 r3-s8
Juniper Junos	Version 21.4 r3
Juniper Junos	Version 22.2
Juniper Junos	Version 22.2 r1-s1
Juniper Junos	Version 22.2 r1-s2
Juniper Junos	Version 22.2 r1
Juniper Junos	Version 22.2 r2-s1
Juniper Junos	Version 22.2 r2-s2
Juniper Junos	Version 22.2 r2
Juniper Junos	Version 22.2 r3-s1
Juniper Junos	Version 22.2 r3-s2
Juniper Junos	Version 22.2 r3-s3
Juniper Junos	Version 22.2 r3-s4
Juniper Junos	Version 22.2 r3
Juniper Junos	Version 22.3
Juniper Junos	Version 22.3 r1-s1
Juniper Junos	Version 22.3 r1-s2
Juniper Junos	Version 22.3 r1
Juniper Junos	Version 22.3 r2-s1
Juniper Junos	Version 22.3 r2-s2
Juniper Junos	Version 22.3 r2
Juniper Junos	Version 22.3 r3-s1
Juniper Junos	Version 22.3 r3-s2
Juniper Junos	Version 22.3 r3-s3
Juniper Junos	Version 22.3 r3
Juniper Junos	Version 22.4
Juniper Junos	Version 22.4 r1-s1
Juniper Junos	Version 22.4 r1-s2
Juniper Junos	Version 22.4 r1
Juniper Junos	Version 22.4 r2-s1
Juniper Junos	Version 22.4 r2-s2
Juniper Junos	Version 22.4 r2
Juniper Junos	Version 22.4 r3-s1
Juniper Junos	Version 22.4 r3
Juniper Junos	Version 23.2
Juniper Junos	Version 23.2 r1-s1
Juniper Junos	Version 23.2 r1-s2
Juniper Junos	Version 23.2 r1
Juniper Junos	Version 23.2 r2
Juniper Junos	Version 23.4
Juniper Junos	Version 23.4 r1-s1
Juniper Junos	Version 23.4 r1-s2
Juniper Junos	Version 23.4 r1

Running on/with	Platform Versions
Juniper 2x100ge + 4x10ge Mpc5e	All versions
Juniper 2x100ge + 4x10ge Mpc5eq	All versions
Juniper 2x100ge + 8x10ge Mpc4e	All versions
Juniper 32x10ge Mpc4e	All versions
Juniper 6x40ge + 24x10ge Mpc5e	All versions
Juniper 6x40ge + 24x10ge Mpc5eq	All versions
Juniper Mpc1	All versions
Juniper Mpc1 Q	All versions
Juniper Mpc1e	All versions
Juniper Mpc1e Q	All versions
Juniper Mpc2	All versions
Juniper Mpc2 Eq	All versions
Juniper Mpc2 Q	All versions
Juniper Mpc2e	All versions
Juniper Mpc2e Eq	All versions
Juniper Mpc2e Ng	All versions
Juniper Mpc2e Ng Q	All versions
Juniper Mpc2e P	All versions
Juniper Mpc2e Q	All versions
Juniper Mpc3e	All versions
Juniper Mpc3e 3d Ng	All versions
Juniper Mpc3e 3d Ng Q	All versions
Juniper Mpc6e	All versions
Juniper Mpc7e 10g	All versions
Juniper Mpc7e Mrate	All versions
Juniper Mpc8e	All versions
Juniper Mpc9e	All versions
Juniper Mx2008	All versions
Juniper Mx2010	All versions
Juniper Mx240	All versions
Juniper Mx480	All versions
Juniper Mx960	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (1)

https://supportportal.juniper.net/

Source: sirt@juniper.net

Permissions Required

Timeline

No history available yet.