CVSS 3.1 Score 7.5 of 10 (high)


Published Jan 12, 2024
Updated: Jan 19, 2024
CWE ID 476


CVE-2024-21602 is a NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C, and ACX7100-48L. This vulnerability allows an unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific IPv4 UDP packet to the Routing Engine (RE), resulting in the packetio crashing and restarting. The issue does not affect IPv6 packets. The affected versions are 21.4-EVO earlier than 21.4R3-S6-EVO, 22.1-EVO earlier than 22.1R3-S5-EVO, 22.2-EVO earlier than 22.2R2-S1-EVO and 22.2R3-EVO, and 22.3-EVO earlier than 22.3R2-EVO. Organizations using these versions should update to the specified patched versions to remediate the vulnerability. The potential danger posed by this vulnerability is a sustained DoS attack leading to traffic interruptions for affected organizations.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21602 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options