CVE-2024-39548 Information

Description

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to consume memory resources resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.

This issue affects both IPv4 and IPv6. 

Changes in memory usage can be monitored using the following CLI command:

user@device> show system memory node | grep evo-aftmann

This issue affects Junos OS Evolved:

All versions before 21.2R3-S8-EVO 
21.3 versions before 21.3R3-S5-EVO 
21.4 versions before 21.4R3-S5-EVO 
22.1 versions before 22.1R3-S4-EVO 
22.2 versions before 22.2R3-S4-EVO
22.3 versions before 22.3R3-S3-EVO
22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO
23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://supportportal.juniper.net/JSA83010

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
