CVE-2024-47501
6.8
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:XShow more
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:XShow less
Source: sirt@juniper.net (Secondary)
Description
A NULL Pointer Dereference vulnerability in the
packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.
This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:
* All version before 21.2R3-S1,
* 21.3 versions before 21.3R3,
* 21.4 versions before 21.4R2.
Affected (20)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 21.2 |
| Running on/with | Platform Versions |
|---|---|
Juniper Ex9200 | All versions |
Juniper Ex9200 15c | All versions |
Juniper Mpc10e 10c | All versions |
Juniper Mpc10e 15c | All versions |
Juniper Mpc11 | All versions |
Juniper Mx10003 | All versions |
Juniper Mx10004 | All versions |
Juniper Mx10008 | All versions |
Juniper Mx10016 | All versions |
Juniper Mx2008 | All versions |
Juniper Mx2010 | All versions |
Juniper Mx240 | All versions |
Juniper Mx304 | All versions |
Juniper Mx480 | All versions |
Juniper Mx960 | All versions |
Related CWEs
References (1)
Timeline
No history available yet.