Juniper: >> Junos Os Evolved >> 21.2 Security Vulnerabilities
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.
This issue affects:
Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
Junos OS Evolved:
* All versions before 21.2R3-S6-EVO,
* 21.3-EVO versions before 21.3R3-S5-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.1-EVO versions before 22.1R3-S3-EVO,
* 22.2-EVO versions before :22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-09
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.
This issue does not affect MX Series platforms.
Heap size growth on FPC can be seen using below command.
user@host> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
0 Online 45 3 0 2 2 2 32768 19 0 <<<<<<< Heap increase in all fPCs
This issue affects Junos OS:
* All versions before 21.2R3-S7,
* 21.4 versions before 21.4R3-S4,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3-S1,
* 22.4 versions before 22.4R2-S2, 22.4R3.
and Junos OS Evolved:
* All versions before 21.2R3-S7-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.2-EVO versions before 22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-S1-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-09
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.
A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).
This issue affects:
Junos OS: * from 22.4 before 22.4R3-S4.
Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-05
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS).
Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects Junos OS:
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2;
This issue does not affect versions prior to 21.1R1.
Junos OS Evolved:
* from 21.4 before 21.4R3-S9-EVO,
* from 22.2 before 22.2R3-S5-EVO,
* from 22.3 before 22.3R3-S4-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S3-EVO,
* from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect versions prior to 21.1R1-EVO
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-09
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS).
On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S5-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-09
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.
GUID exhaustion will trigger a syslog message like one of the following:
evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:
user@host> show platform application-info allocations app evo-pfemand/evo-pfemand
In case one or more of these values are constantly increasing the leak is happening.
This issue affects Junos OS Evolved:
* All versions before 21.4R2-EVO,
* 22.1 versions before 22.1R2-EVO.
Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.
GUID exhaustion will trigger a syslog message like one of the following:
evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:
user@host> show platform application-info allocations app evo-pfemand/evo-pfemand
In case one or more of these values are constantly increasing the leak is happening.
This issue affects Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* 22.1 versions before 22.1R3-S6-EVO,
* 22.2 versions before 22.2R3-EVO,
* 22.3 versions before 22.3R3-EVO,
* 22.4 versions before 22.4R2-EVO.
Please note that this issue is similar to, but different from CVE-2024-47508 and CVE-2024-47509.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.
When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.
This issue affects:
Junos OS:
* All versions before 21.4R3-S6,
* 22.2 versions before 22.2R3-S3,
* 22.4 versions before 22.4R3;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* 22.2 versions before 22.2R3-S4-EVO,
* 22.4 versions before 22.4R3-EVO.
CVSS Score
5.8
EPSS Score
0.003
Published
2024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.
GUID exhaustion will trigger a syslog message like one of the following:
evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:
user@host> show platform application-info allocations app evo-pfemand/evo-pfemand
In case one or more of these values are constantly increasing the leak is happening.
This issue affects Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.3 versions before 21.3R3-EVO;
* 21.4 versions before 22.1R2-EVO,
* 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO.
Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established.
A continuously increasing number of connections shown by:
user@host > show system connections
is indicative of the problem. To recover the respective RE needs to be restarted manually.
This issue only affects IPv4 but does not affect IPv6.
This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine).
This issue affects Junos OS Evolved:
* All versions before 21.4R3-S9-EVO,
* 22.2 versions before 22.2R3-S4-EVO,
* 22.4 version before 22.4R3-S3-EVO,
* 23.2 versions before 23.2R2-S1-EVO,
* 23.4 versions before 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-10-11