MEDIUM · 5.5

CVE-2024-47496

Vulnerability Description

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.

This issue only affects MX Series devices with line cards MPC1-MPC9.

This issue affects Junos OS on MX Series:

* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* Attack Vector: LOCAL
* Attack Complexity: LOW
* Privileges Required: LOW
* User Interaction: NONE
* Scope: UNCHANGED
* Confidentiality: NONE
* Integrity: NONE
* Availability: HIGH

Affected Products

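| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 21.4 |
| Juniper | 2X100Ge + 4X10Ge Mpc5E | - |
| Juniper | 2X100Ge + 4X10Ge Mpc5Eq | - |
| Juniper | 2X100Ge + 8X10Ge Mpc4E | - |
| Juniper | 32X10Ge Mpc4E | - |
| Juniper | 6X40Ge + 24X10Ge Mpc5E | - |
| Juniper | 6X40Ge + 24X10Ge Mpc5Eq | - |
| Juniper | Mpc1 | - |
| Juniper | Mpc1 Q | - |
| Juniper | Mpc1E | - |
| Juniper | Mpc1E Q | - |
| Juniper | Mpc2 | - |
| Juniper | Mpc2 Eq | - |
| Juniper | Mpc2 Q | - |
| Juniper | Mpc2E | - |
| Juniper | Mpc2E Eq | - |
| Juniper | Mpc2E Ng | - |
| Juniper | Mpc2E Ng Q | - |
| Juniper | Mpc2E P | - |
| Juniper | Mpc2E Q | - |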

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-47496?

CVE-2024-47496 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific...

How severe is CVE-2024-47496?

CVE-2024-47496 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-47496?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper 2X100Ge + 4X10Ge Mpc5E, Juniper 2X100Ge + 4X10Ge Mpc5Eq, Juniper 2X100Ge + 8X10Ge Mpc4E, Juniper 32X10Ge Mpc4E.