CVE-2024-30403 — NULL Pointer Dereference in Networks Junos OS Evolved

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 77.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedApr 12

Description

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved23.2-EVO — 23.2R1-S1-EVO, 23.2R2-EVO

▶NVDjuniper/junos_os_evolved23.2

🔴Vulnerability Details

CVEList

Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes↗2024-04-12

▶

GHSA

GHSA-hxmw-j74g-j23w: A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacen↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-30403: A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacen↗2024-04-12

▶