CVE-2024-21602

Summary

CVE-2024-21602 is a NULL Pointer Dereference vulnerability impacting Juniper Networks Junos OS Evolved on specific ACX series models. An unauthenticated attacker can exploit this vulnerability by sending a malicious IPv4 UDP packet to the Routing Engine, causing a Denial of Service (DoS) via packetio crashes and restarts. continued receipt of such packets leads to a sustained DoS. This issue does not affect IPv6 packets and versions of Junos OS Evolved earlier than 21.4R1-EVO are not impacted. Affected versions include 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, and 22.3R2-EVO on ACX7024, ACX7100-32C, and ACX7100-48L models.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.