Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*
- < 22.4R3-S8
- >= 23.2, < 23.2R2-S5
- >= 23.4, < 23.4R2-S6
- >= 24.2, < 24.2R2-S2
- >= 24.4, < 24.4R2
A NULL pointer dereference vulnerability has been identified in the chassis daemon (chassisd) of Juniper Networks Junos OS. This vulnerability affects MX, SRX, and EX Series devices, all versions prior to 22.4R3-S8, as well as specific 23.2, 23.4, 24.2, and 24.4 versions. The vulnerability allows a local attacker with low privileges to cause a denial-of-service condition. When the 'show chassis' command is executed with specially crafted options, the chassisd process crashes and restarts. This crash reinitializes all components except the Routing Engine, leading to a complete service outage, although the system eventually recovers automatically.
Exploitation of this vulnerability causes the chassisd process to crash, leading to a denial-of-service condition where all components except the Routing Engine are reinitialized, causing a complete service outage.
Users can upgrade to Junos OS versions 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, or any subsequent release. To prevent exploitation of this vulnerability, CLI authorization can be used to restrict the execution of the 'show chassis' command.
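To check a device inventory against the affected ranges listed in this entry, the following added example (not part of the original entry and not Juniper tooling) parses Junos OS release strings and compares them to those ranges. The hostnames and inventory are constructed sample values, and the parser assumes the release format `<major>.<minor>[R<n>][-S<n>][.<spin>]`; anything else is reported as unparsed rather than guessed.

```python
import re

# Affected ranges as listed in this entry: (inclusive lower bound or None, exclusive upper bound).
AFFECTED = [
    (None, "22.4R3-S8"),
    ("23.2", "23.2R2-S5"),
    ("23.4", "23.4R2-S6"),
    ("24.2", "24.2R2-S2"),
    ("24.4", "24.4R2"),
]

# Assumed release format: <major>.<minor>[R<n>][-S<n>][.<spin>], e.g. 23.4R2-S5.3
_RELEASE = re.compile(r"(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:\.\d+)?")


def parse(release):
    """Return (major, minor, R, S); a missing R or S counts as 0, the spin is ignored."""
    m = _RELEASE.fullmatch(release.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS release string: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(release):
    """True if the release falls inside one of the ranges listed in this entry."""
    v = parse(release)
    return any(
        (low is None or v >= parse(low)) and v < parse(high)
        for low, high in AFFECTED
    )


def triage(inventory):
    """Map each host to 'affected', 'not listed as affected' or 'unparsed'."""
    result = {}
    for host, release in inventory.items():
        try:
            result[host] = "affected" if is_affected(release) else "not listed as affected"
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed inventory; hostnames and releases are sample values.
    sample = {"mx-edge-1": "22.4R3-S7.4", "srx-fw-1": "23.4R2-S6", "ex-acc-1": "24.4R1-S2",
              "mx-core-1": "25.2R1", "lab-1": "23.2R1-S1-EVO"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

The check covers the release string only; it does not test whether a device is one of the MX, SRX, or EX Series platforms this entry names.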