Juniper Networks Junos OS Evolved Vulnerable to NULL Pointer Dereference DoS Attack
CVE-2024-30403
Key Information:
- Vendor: Juniper Networks
- Status: Vendor
- CVE Published: 12 April 2024
Summary
A NULL Pointer Dereference vulnerability exists in the Packet Forwarding Engine (PFE) of Juniper Networks' Junos OS Evolved, which could be exploited by an unauthenticated, adjacent attacker to trigger a Denial of Service (DoS). The vulnerability arises during the MAC learning process when Layer 2 traffic is processed through a logical interface, particularly if the interface experiences flapping. The Advanced Forwarding Toolkit manager (evo-aftmand-bt) then produces a core dump, after which the PFE restarts. If the same triggering events recur, they can lead to a sustained DoS condition that affects the performance and availability of the affected systems.
Affected Version(s)
Junos OS Evolved 23.2-EVO < 23.2R1-S1-EVO, 23.2R2-EVO
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved