CVE-2024-21602
Published: 12 January 2024
Summary
CVE-2024-21602 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Juniper Junos Os Evolved. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 40.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19250
Vulnerability details
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the…
more
Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The NULL pointer dereference vulnerability enables unauthenticated network-based attackers to exploit the system via crafted IPv4 UDP packets, crashing the Routing Engine packetio process and causing sustained DoS, directly facilitating T1499.004 (Application or System Exploitation for endpoint DoS).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.