// For flags

CVE-2024-47509

Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #3

Severity Score

7.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.

GUID exhaustion will trigger a syslog message like one of the following:

evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:





user@host> show platform application-info allocations app evo-pfemand/evo-pfemand



In case one or more of these values are constantly increasing the leak is happening.

This issue affects Junos OS Evolved:



* All versions before 21.4R2-EVO,
* 22.1 versions before 22.1R2-EVO.





Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
Low
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
Low
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-09-25 CVE Reserved
  • 2024-10-11 CVE Published
  • 2024-10-11 CVE Updated
  • 2024-10-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://supportportal.juniper.net 2024-10-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 21.4 < 21.4R2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 21.4 < 21.4R2-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 22.1 < 22.1R2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1 < 22.1R2-EVO"
en
Affected