Uncontrolled Resource Consumption Vulnerability Affects Juniper Networks' Junos OS Evolved
CVE-2024-39548

7.5HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 July 2024

Summary

An Uncontrolled Resource Consumption vulnerability exists within the aftmand process of Junos OS Evolved from Juniper Networks, allowing unauthorized network-based attackers to deplete system memory resources. This exploitation leads to a Denial of Service condition where affected processes fail to recover automatically, necessitating manual intervention for system restoration. The vulnerability is present in configurations using both IPv4 and IPv6 protocols, amplifying its impact on networked systems. Administrators can monitor memory usage to identify potential exploitation via specific commands. Immediate attention is required for all versions prior to the identified safe versions.

Affected Version(s)

Junos OS Evolved 0 < 21.2R3-S8-EVO

Junos OS Evolved 21.3 < 21.3R3-S5-EVO

Junos OS Evolved 21.4 < 21.4R3-S5-EVO

References

https://supportportal.juniper.net/JSA83010

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jun 25, 2024

Collectors

NVD DatabaseMitre Database