PT-2024-7139 · Juniper Networks · Junos

Published

2024-09-25

·

Updated

2024-10-15

·

CVE-2024-47501

CVSS v4.0

6.8

Medium

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S1 Junos OS versions 21.3 prior to 21.3R3 Junos OS versions 21.4 prior to 21.4R2
Description The issue is related to a NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS. This vulnerability can be exploited to cause a Denial of Service (DoS). In specific scenarios, such as VPLS or Junos Fusion, the execution of certain show commands can cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.
Recommendations For Junos OS versions prior to 21.2R3-S1, update to version 21.2R3-S1 or later. For Junos OS versions 21.3 prior to 21.3R3, update to version 21.3R3 or later. For Junos OS versions 21.4 prior to 21.4R2, update to version 21.4R2 or later.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-08470
CVE-2024-47501

Affected Products

Junos