{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-47501",
        "ASSIGNER": "sirt@juniper.net",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A NULL Pointer Dereference vulnerability in the \n\npacket forwarding engine (pfe)\u00a0of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and\u00a0EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nIn a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart.\n\nThis issue affects Junos on\u00a0MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:\u00a0\n\n\n\n  *  All version before 21.2R3-S1,\n  *  21.3 versions before 21.3R3,\u00a0\n  *  21.4 versions before 21.4R2."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-476 NULL Pointer Dereference",
                        "cweId": "CWE-476"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Juniper Networks",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos OS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "21.2R3-S1"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.3",
                                            "version_value": "21.3R3"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.4",
                                            "version_value": "21.4R2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://supportportal.juniper.net/JSA88131",
                "refsource": "MISC",
                "name": "https://supportportal.juniper.net/JSA88131"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "advisory": "JSA88131",
        "defect": [
            "1619137"
        ],
        "discovery": "USER"
    },
    "configuration": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "To be exposed to this issue at least a minimal VPLS or Junos Fusion configuration like the following need to be present:<br><br><tt>[ routing-instances&nbsp;&lt;RI_name&gt; instance-type vpls ]<br><br>[ chassis satellite-management ... ]</tt>"
                }
            ],
            "value": "To be exposed to this issue at least a minimal VPLS or Junos Fusion configuration like the following need to be present:\n\n[ routing-instances\u00a0<RI_name> instance-type vpls ]\n\n[ chassis satellite-management ... ]"
        }
    ],
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "There are no known workarounds for this issue.<p>To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks, hosts, and users.</p>\n\n<br>"
                }
            ],
            "value": "There are no known workarounds for this issue.To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks, hosts, and users."
        }
    ],
    "exploit": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
            ],
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S1, 21.3R3, 21.4R2, 22.1R1, and all subsequent releases."
                }
            ],
            "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S1, 21.3R3, 21.4R2, 22.1R1, and all subsequent releases."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
            }
        ]
    }
}