Juniper Networks Junos OS Evolved Connectivity Fault Management Daemon Uncontrolled Resource Consumption Vulnerability Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Connectivity Fault Management (CFM) daemon and the CFM Manager (cfmman) of Juniper Networks Junos OS Evolved. It affects PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, and PTX10016 routers running specific Junos OS Evolved versions. An unauthenticated attacker on an adjacent network, that is, one able to deliver Ethernet CFM frames to the device at Layer 2, can send specific valid CFM traffic that drives CFM daemon CPU usage to a sustained spike and leaks memory in the CFM Manager, until the affected Flexible PIC Concentrator (FPC) crashes and restarts. No authentication or user interaction is required, and the denial-of-service condition persists for as long as the attacker keeps sending the triggering traffic.

Impact

Exploitation causes the CFM daemon to consume 100% of the CPU and the CFM Manager to leak memory, which eventually makes the affected FPC crash and restart, disrupting forwarding on that FPC. Restarting the FPC or the device only clears the condition temporarily: the attacker can reintroduce it at will by resuming the traffic that triggers it, so operators should treat a recurring cfmman memory growth or FPC restart pattern on a CFM-enabled interface as a possible indicator of this issue rather than a one-off fault.

Added: Oct 9, 2025, 4:31 PM
Updated: Oct 9, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm (score per category)

  spread          0.3
  impact          2.5
  exploitability  4.9
  remediation     7.7
  relevance       0.6
  threat          0.0
  urgency         1.4
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined to calculate the overall risk score.