CVE-2024-47496 - Vulnerability Details

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).

When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition.

This issue only affects MX Series devices with Line cards MPC1-MPC9.
This issue affects:
Junos OS on MX Series:

* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper Subscribe	2x100ge \+ 4x10ge Mpc5e Subscribe 2x100ge \+ 4x10ge Mpc5eq Subscribe 2x100ge \+ 8x10ge Mpc4e Subscribe 32x10ge Mpc4e Subscribe 6x40ge \+ 24x10ge Mpc5e Subscribe 6x40ge \+ 24x10ge Mpc5eq Subscribe Junos Subscribe Mpc1 Subscribe Mpc1 Q Subscribe Mpc1e Subscribe Mpc1e Q Subscribe Mpc2 Subscribe Mpc2 Eq Subscribe Mpc2 Q Subscribe Mpc2e Subscribe Mpc2e Eq Subscribe Mpc2e Ng Subscribe Mpc2e Ng Q Subscribe Mpc2e P Subscribe Mpc2e Q Subscribe Mpc3e Subscribe Mpc3e-3d-ng Subscribe Mpc3e-3d-ng-q Subscribe Mpc6e Subscribe Mpc7e-10g Subscribe Mpc7e-mrate Subscribe Mpc8e Subscribe Mpc9e Subscribe Mx2008 Subscribe Mx2010 Subscribe Mx240 Subscribe Mx480 Subscribe Mx960 Subscribe
Juniper Networks Subscribe	Junos Os Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s10::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s11::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s12::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:22.2:-::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.3:-::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r3::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::

OR	cpe:2.3:h:juniper:2x100ge_\+_4x10ge_mpc5e:-:::::::*
	cpe:2.3:h:juniper:2x100ge_\+_4x10ge_mpc5eq:-:::::::*
	cpe:2.3:h:juniper:2x100ge_\+_8x10ge_mpc4e:-:::::::*
	cpe:2.3:h:juniper:32x10ge_mpc4e:-:::::::*
	cpe:2.3:h:juniper:6x40ge_\+_24x10ge_mpc5e:-:::::::*
	cpe:2.3:h:juniper:6x40ge_\+_24x10ge_mpc5eq:-:::::::*
	cpe:2.3:h:juniper:mpc1:-:::::::*
	cpe:2.3:h:juniper:mpc1_q:-:::::::*
	cpe:2.3:h:juniper:mpc1e:-:::::::*
	cpe:2.3:h:juniper:mpc1e_q:-:::::::*
	cpe:2.3:h:juniper:mpc2:-:::::::*
	cpe:2.3:h:juniper:mpc2_eq:-:::::::*
	cpe:2.3:h:juniper:mpc2_q:-:::::::*
	cpe:2.3:h:juniper:mpc2e:-:::::::*
	cpe:2.3:h:juniper:mpc2e_eq:-:::::::*
	cpe:2.3:h:juniper:mpc2e_ng:-:::::::*
	cpe:2.3:h:juniper:mpc2e_ng_q:-:::::::*
	cpe:2.3:h:juniper:mpc2e_p:-:::::::*
	cpe:2.3:h:juniper:mpc2e_q:-:::::::*
	cpe:2.3:h:juniper:mpc3e:-:::::::*
	cpe:2.3:h:juniper:mpc3e-3d-ng:-:::::::*
	cpe:2.3:h:juniper:mpc3e-3d-ng-q:-:::::::*
	cpe:2.3:h:juniper:mpc6e:-:::::::*
	cpe:2.3:h:juniper:mpc7e-10g:-:::::::*
	cpe:2.3:h:juniper:mpc7e-mrate:-:::::::*
	cpe:2.3:h:juniper:mpc8e:-:::::::*
	cpe:2.3:h:juniper:mpc9e:-:::::::*
	cpe:2.3:h:juniper:mx2008:-:::::::*
	cpe:2.3:h:juniper:mx2010:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Juniper Networks Subscribe	Junos Os Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-42500	A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Fixes

Solution

The following software releases of Junos OS have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1 and all subsequent releases.

Workaround

There are no known workarounds for this issue. Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.

References

Link	Providers
https://supportportal.juniper.net/

History

Mon, 26 Jan 2026 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper 2x100ge \+ 4x10ge Mpc5e Juniper 2x100ge \+ 4x10ge Mpc5eq Juniper 2x100ge \+ 8x10ge Mpc4e Juniper 32x10ge Mpc4e Juniper 6x40ge \+ 24x10ge Mpc5e Juniper 6x40ge \+ 24x10ge Mpc5eq Juniper junos Juniper mpc1 Juniper mpc1 Q Juniper mpc1e Juniper mpc1e Q Juniper mpc2 Juniper mpc2 Eq Juniper mpc2 Q Juniper mpc2e Juniper mpc2e Eq Juniper mpc2e Ng Juniper mpc2e Ng Q Juniper mpc2e P Juniper mpc2e Q Juniper mpc3e Juniper mpc3e-3d-ng Juniper mpc3e-3d-ng-q Juniper mpc6e Juniper mpc7e-10g Juniper mpc7e-mrate Juniper mpc8e Juniper mpc9e Juniper mx2008 Juniper mx2010 Juniper mx240 Juniper mx480 Juniper mx960
CPEs		cpe:2.3:h:juniper:2x100ge_\+_4x10ge_mpc5e:-:::::::* cpe:2.3:h:juniper:2x100ge_\+_4x10ge_mpc5eq:-:::::::* cpe:2.3:h:juniper:2x100ge_\+_8x10ge_mpc4e:-:::::::* cpe:2.3:h:juniper:32x10ge_mpc4e:-:::::::* cpe:2.3:h:juniper:6x40ge_\+_24x10ge_mpc5e:-:::::::* cpe:2.3:h:juniper:6x40ge_\+_24x10ge_mpc5eq:-:::::::* cpe:2.3:h:juniper:mpc1:-:::::::* cpe:2.3:h:juniper:mpc1_q:-:::::::* cpe:2.3:h:juniper:mpc1e:-:::::::* cpe:2.3:h:juniper:mpc1e_q:-:::::::* cpe:2.3:h:juniper:mpc2:-:::::::* cpe:2.3:h:juniper:mpc2_eq:-:::::::* cpe:2.3:h:juniper:mpc2_q:-:::::::* cpe:2.3:h:juniper:mpc2e:-:::::::* cpe:2.3:h:juniper:mpc2e_eq:-:::::::* cpe:2.3:h:juniper:mpc2e_ng:-:::::::* cpe:2.3:h:juniper:mpc2e_ng_q:-:::::::* cpe:2.3:h:juniper:mpc2e_p:-:::::::* cpe:2.3:h:juniper:mpc2e_q:-:::::::* cpe:2.3:h:juniper:mpc3e-3d-ng-q:-:::::::* cpe:2.3:h:juniper:mpc3e-3d-ng:-:::::::* cpe:2.3:h:juniper:mpc3e:-:::::::* cpe:2.3:h:juniper:mpc6e:-:::::::* cpe:2.3:h:juniper:mpc7e-10g:-:::::::* cpe:2.3:h:juniper:mpc7e-mrate:-:::::::* cpe:2.3:h:juniper:mpc8e:-:::::::* cpe:2.3:h:juniper:mpc9e:-:::::::* cpe:2.3:h:juniper:mx2008:-:::::::* cpe:2.3:h:juniper:mx2010:-:::::::* cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:21.4:-:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s10:::::: cpe:2.3:o:juniper:junos:21.4:r3-s11:::::: cpe:2.3:o:juniper:junos:21.4:r3-s12:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos:21.4:r3-s7:::::: cpe:2.3:o:juniper:junos:21.4:r3-s8:::::: cpe:2.3:o:juniper:junos:21.4:r3:::::: cpe:2.3:o:juniper:junos:22.2:-:::::: cpe:2.3:o:juniper:junos:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos:22.2:r3-s4:::::: cpe:2.3:o:juniper:junos:22.2:r3:::::: cpe:2.3:o:juniper:junos:22.3:-:::::: cpe:2.3:o:juniper:junos:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos:22.3:r1:::::: cpe:2.3:o:juniper:junos:22.3:r2-s1:::::: cpe:2.3:o:juniper:junos:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos:22.3:r2:::::: cpe:2.3:o:juniper:junos:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos:22.3:r3-s2:::::: cpe:2.3:o:juniper:junos:22.3:r3-s3:::::: cpe:2.3:o:juniper:junos:22.3:r3:::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.2:r2:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1::::::
Vendors & Products		Juniper Juniper 2x100ge \+ 4x10ge Mpc5e Juniper 2x100ge \+ 4x10ge Mpc5eq Juniper 2x100ge \+ 8x10ge Mpc4e Juniper 32x10ge Mpc4e Juniper 6x40ge \+ 24x10ge Mpc5e Juniper 6x40ge \+ 24x10ge Mpc5eq Juniper junos Juniper mpc1 Juniper mpc1 Q Juniper mpc1e Juniper mpc1e Q Juniper mpc2 Juniper mpc2 Eq Juniper mpc2 Q Juniper mpc2e Juniper mpc2e Eq Juniper mpc2e Ng Juniper mpc2e Ng Q Juniper mpc2e P Juniper mpc2e Q Juniper mpc3e Juniper mpc3e-3d-ng Juniper mpc3e-3d-ng-q Juniper mpc6e Juniper mpc7e-10g Juniper mpc7e-mrate Juniper mpc8e Juniper mpc9e Juniper mx2008 Juniper mx2010 Juniper mx240 Juniper mx480 Juniper mx960

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 11 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
Description		A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.
Title		Junos OS: MX Series: The PFE will crash on running specific command
Weaknesses		CWE-476
References		https://supportportal.juniper.net/
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-10-11T15:28:13.727Z

Updated: 2024-10-11T17:42:39.299Z

Reserved: 2024-09-25T15:26:52.609Z

Link: CVE-2024-47496

Vulnrichment

Updated: 2024-10-11T17:42:35.236Z

NVD

Status : Analyzed

Published: 2024-10-11T16:15:10.080

Modified: 2026-01-26T18:19:15.840

Link: CVE-2024-47496

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:23:34Z

Weaknesses

CWE-476

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object