// For flags

CVE-2024-39548

Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak

Severity Score

7.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.

This issue affects both IPv4 and IPv6. 

Changes in memory usage can be monitored using the following CLI command:
user@device> show system memory node <fpc slot> | grep evo-aftmann
This issue affects Junos OS Evolved: 



* All versions before 21.2R3-S8-EVO, 
* 21.3 versions before 21.3R3-S5-EVO, 
* 21.4 versions before 21.4R3-S5-EVO, 
* 22.1 versions before 22.1R3-S4-EVO, 
* 22.2 versions before 22.2R3-S4-EVO,
* 22.3 versions before 22.3R3-S3-EVO,
* 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO, 
* 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
Low
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-11 CVE Published
  • 2024-07-12 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
< 21.2R3-S8-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.2R3-S8-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 21.3 < 21.3R3-S5-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 21.3 < 21.3R3-S5-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 21.4 < 21.4R3-S5-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 21.4 < 21.4R3-S5-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 22.1 < 22.1R3-S4-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1 < 22.1R3-S4-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 22.2 < 22.2R3-S4
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2 < 22.2R3-S4"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 22.3 < 22.3R3-S3-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3 < 22.3R3-S3-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 22.4 < 22.4R2-S2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4 < 22.4R2-S2-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 22.4 < 22.4R3-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4 < 22.4R3-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 23.2 < 23.2R1-S1-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2 < 23.2R1-S1-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
>= 23.2 < 23.2R2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2 < 23.2R2-EVO"
en
Affected