CVE-2024-39513
Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager
| Assigner | juniper |
| Reserved | 2024-06-25 |
| Published | 2024-07-10 |
| Updated | 2024-08-02 |
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition. This issue affects Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
| CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |
| CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A |
CWE-20 Improper Input Validation
https://supportportal.juniper.net/JSA82978
