cve-2024-47496
Vulnerability from cvelistv5
Published
2024-10-11 15:28
Modified
2024-10-11 17:42
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A
EPSS score ?
Summary
Junos OS: MX Series: The PFE will crash on running specific command
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks | Junos OS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:42:30.490508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:42:39.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specific command is executed, the pfe crashes.\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eThis will cause traffic forwarding to be interrupted until the system self-recovers. R\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eepeated execution will create a sustained DoS condition.\u003cbr\u003e\u003cbr\u003e \u003c/span\u003e\u003c/span\u003eThis issue only affects MX Series devices with Line cards MPC1-MPC9.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003cbr\u003eJunos OS on MX Series: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A\u00a0NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific command is executed, the pfe crashes.\u00a0This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.\n\n This issue only affects MX Series devices with Line cards MPC1-MPC9.\nThis issue affects:\nJunos OS on MX Series: \n\n\n * All versions before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:28:13.727Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."
}
],
"value": "The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA88123",
"defect": [
"1784593"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: MX Series: The PFE will crash on running specific command",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\nUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-47496",
"datePublished": "2024-10-11T15:28:13.727Z",
"dateReserved": "2024-09-25T15:26:52.609Z",
"dateUpdated": "2024-10-11T17:42:39.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47496\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-10-11T16:15:10.080\",\"lastModified\":\"2024-10-15T12:58:51.050\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A\u00a0NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\\n\\nWhen a specific command is executed, the pfe crashes.\u00a0This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.\\n\\n This issue only affects MX Series devices with Line cards MPC1-MPC9.\\nThis issue affects:\\nJunos OS on MX Series: \\n\\n\\n * All versions before 21.4R3-S9, \\n * from 22.2 before 22.2R3-S5,\u00a0\\n * from 22.3 before 22.3R3-S4, \\n * from 22.4 before 22.4R3-S2, \\n * from 23.2 before 23.2R2-S1, \\n * from 23.4 before 23.4R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desreferencia de puntero nulo en el motor de reenv\u00edo de paquetes (pfe) de Juniper Networks Junos OS permite a un atacante local con pocos privilegios provocar una denegaci\u00f3n de servicio (DoS). Cuando se ejecuta un comando espec\u00edfico, el pfe se bloquea. Esto provocar\u00e1 que el reenv\u00edo de tr\u00e1fico se interrumpa hasta que el sistema se recupere por s\u00ed solo. La ejecuci\u00f3n repetida crear\u00e1 una condici\u00f3n de DoS sostenida. Este problema solo afecta a los dispositivos de la serie MX con tarjetas de l\u00ednea MPC1-MPC9. Este problema afecta a: Junos OS en la serie MX: * Todas las versiones anteriores a 21.4R3-S9, * desde 22.2 hasta 22.2R3-S5, * desde 22.3 hasta 22.3R3-S4, * desde 22.4 hasta 22.4R3-S2, * desde 23.2 hasta 23.2R2-S1, * desde 23.4 hasta 23.4R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/\",\"source\":\"sirt@juniper.net\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.