Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
0

CVE-2024-47509

Disclosure Date: October 11, 2024
CVE-2024-47509 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.

GUID exhaustion will trigger a syslog message like one of the following:

evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space …
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space …
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:

user@host> show platform application-info allocations app evo-pfemand/evo-pfemand

In case one or more of these values are constantly increasing the leak is happening.

This issue affects Junos OS Evolved:

  • All versions before 21.4R2-EVO,
  • 22.1 versions before 22.1R2-EVO.

Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Junos OS Evolved 21.4R2-EVO
Junos OS Evolved 22.1R2-EVO
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis