CVE-2024-47501

Опубликовано: 11 окт. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A NULL Pointer Dereference vulnerability in the

packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).

In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.

This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:

All version before 21.2R3-S1,
21.3 versions before 21.3R3,
21.4 versions before 21.4R2.

Ссылки

https://supportportal.juniper.net/JSA88131
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

Версия до 21.2 (исключая)

cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*

Одно из

cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ex9200-15c:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mpc10e-10c:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mpc10e-15c:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mpc11:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00106

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

GHSA-9w3v-447q-g6xg

CVSS3: 5.5

github

больше 1 года назад

A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C: * All version before 21.2R3-S1, * 21.3 versions before 21.3R3, * 21.4 versions before 21.4R2.

BDU:2024-08470

CVSS3: 5.5

fstec

больше 1 года назад

Уязвимость модуля Packet Forwarding Engine (PFE) операционной системы Juniper Networks Junos OS, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 29%

0.00106

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476