CVE-2024-39548

EUVD-2024-38074

11.07.2024, 17:15

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.

This issue affects both IPv4 and IPv6. 

Changes in memory usage can be monitored using the following CLI command:
user@device> show system memory node <fpc slot> | grep evo-aftmann
This issue affects Junos OS Evolved: 



  *  All versions before 21.2R3-S8-EVO, 
  *  21.3 versions before 21.3R3-S5-EVO, 
  *  21.4 versions before 21.4R3-S5-EVO, 
  *  22.1 versions before 22.1R3-S4-EVO, 
  *  22.2 versions before 22.2R3-S4-EVO,
  *  22.3 versions before 22.3R3-S3-EVO,
  *  22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO, 
  *  23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos_os_evolved	𝑥 < 21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2:r1
juniper	junos_os_evolved	21.2:r1-s1
juniper	junos_os_evolved	21.2:r1-s2
juniper	junos_os_evolved	21.2:r2
juniper	junos_os_evolved	21.2:r2-s1
juniper	junos_os_evolved	21.2:r2-s2
juniper	junos_os_evolved	21.2:r3
juniper	junos_os_evolved	21.2:r3-s1
juniper	junos_os_evolved	21.2:r3-s2
juniper	junos_os_evolved	21.2:r3-s3
juniper	junos_os_evolved	21.2:r3-s4
juniper	junos_os_evolved	21.2:r3-s5
juniper	junos_os_evolved	21.2:r3-s6
juniper	junos_os_evolved	21.2:r3-s7
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3:r1
juniper	junos_os_evolved	21.3:r1-s1
juniper	junos_os_evolved	21.3:r2
juniper	junos_os_evolved	21.3:r2-s1
juniper	junos_os_evolved	21.3:r2-s2
juniper	junos_os_evolved	21.3:r3
juniper	junos_os_evolved	21.3:r3-s1
juniper	junos_os_evolved	21.3:r3-s2
juniper	junos_os_evolved	21.3:r3-s3
juniper	junos_os_evolved	21.3:r3-s4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4:r1
juniper	junos_os_evolved	21.4:r1-s1
juniper	junos_os_evolved	21.4:r1-s2
juniper	junos_os_evolved	21.4:r2
juniper	junos_os_evolved	21.4:r2-s1
juniper	junos_os_evolved	21.4:r2-s2
juniper	junos_os_evolved	21.4:r3
juniper	junos_os_evolved	21.4:r3-s1
juniper	junos_os_evolved	21.4:r3-s2
juniper	junos_os_evolved	21.4:r3-s3
juniper	junos_os_evolved	21.4:r3-s4
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1:r1
juniper	junos_os_evolved	22.1:r1-s1
juniper	junos_os_evolved	22.1:r1-s2
juniper	junos_os_evolved	22.1:r2
juniper	junos_os_evolved	22.1:r2-s1
juniper	junos_os_evolved	22.1:r3
juniper	junos_os_evolved	22.1:r3-s1
juniper	junos_os_evolved	22.1:r3-s2
juniper	junos_os_evolved	22.1:r3-s3
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2:r1
juniper	junos_os_evolved	22.2:r1-s1
juniper	junos_os_evolved	22.2:r1-s2
juniper	junos_os_evolved	22.2:r2
juniper	junos_os_evolved	22.2:r2-s1
juniper	junos_os_evolved	22.2:r2-s2
juniper	junos_os_evolved	22.2:r3
juniper	junos_os_evolved	22.2:r3-s1
juniper	junos_os_evolved	22.2:r3-s2
juniper	junos_os_evolved	22.2:r3-s3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3:r1
juniper	junos_os_evolved	22.3:r1-s1
juniper	junos_os_evolved	22.3:r1-s2
juniper	junos_os_evolved	22.3:r2
juniper	junos_os_evolved	22.3:r2-s1
juniper	junos_os_evolved	22.3:r2-s2
juniper	junos_os_evolved	22.3:r3
juniper	junos_os_evolved	22.3:r3-s1
juniper	junos_os_evolved	22.3:r3-s2
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	22.4:r2-s1
juniper	junos_os_evolved	22.4:r3
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r2

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
juniper	junos_os_evolved	𝑥 < 21.2R3-S8-EVO	ADP
juniper	junos_os_evolved	21.3 ≤ 𝑥 < 21.3R3-S5-EVO	ADP
juniper	junos_os_evolved	21.4 ≤ 𝑥 < 21.4R3-S5-EVO	ADP
juniper	junos_os_evolved	22.1 ≤ 𝑥 < 22.1R3-S4-EVO	ADP
juniper	junos_os_evolved	22.2 ≤ 𝑥 < 22.2R3-S4	ADP
juniper	junos_os_evolved	22.3 ≤ 𝑥 < 22.3R3-S3-EVO	ADP
juniper	junos_os_evolved	22.4 ≤ 𝑥 < 22.4R2-S2-EVO	ADP
juniper	junos_os_evolved	22.4 ≤ 𝑥 < 22.4R3-EVO	ADP
juniper	junos_os_evolved	23.2 ≤ 𝑥 < 23.2R1-S1-EVO	ADP
juniper	junos_os_evolved	23.2 ≤ 𝑥 < 23.2R2-EVO	ADP

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://supportportal.juniper.net/JSA83010