Juniper Networks Junos OS Evolved Buffer Overflow Vulnerability in PTX and QFX5000 Series Allowing Denial-of-Service

Vulnerability

A classic buffer overflow vulnerability has been identified in the advanced forwarding toolkit components 'evo-aftmand' and 'evo-pfemand' of Juniper Networks Junos OS Evolved. This vulnerability affects PTX Series and QFX5000 Series devices, allowing an unauthenticated, adjacent attacker to cause a denial-of-service condition. By sending crafted multicast packets, an attacker can disrupt line cards running the vulnerable components, causing them to crash and restart. Non-line card devices will also experience a crash and restart. The denial-of-service condition can be sustained with the continued receipt and processing of these packets. The vulnerability affects several versions and ranges of Junos OS Evolved on both PTX Series and QFX5000 Series.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing affected devices to crash and restart. On QFX5000 Series, this vulnerability does not affect versions prior to 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.

Remediation

Users can upgrade to Junos OS Evolved versions 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases for PTX Series. For QFX5000 Series, users can upgrade to versions 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.
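The fixed-release lists above can be turned into an inventory check. The following is an added example, not code from Juniper or from this page's author. It assumes that releases within one train order by R number and then S number, it parses only the release-string form used on this page, and the host names and inventory are constructed. Trains the page does not list, including the older QFX5000 trains named under Impact, are reported as "check-advisory" rather than guessed.

```python
import re

# Fixed releases, copied from the Remediation paragraph of this page.
FIXED = {
    "PTX": ["22.4R3-S8-EVO", "23.2R2-S5-EVO", "23.4R2-EVO", "24.2R2-EVO",
            "24.4R2-EVO", "25.2R1-EVO"],
    "QFX5000": ["22.2R3-S7-EVO", "22.4R3-S7-EVO", "23.2R2-S4-EVO",
                "23.4R2-S5-EVO", "24.2R2-S1-EVO", "24.4R1-S3-EVO",
                "24.4R2-EVO", "25.2R1-EVO"],
}
_REL = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?-EVO$")

def parse(version):
    """'22.4R3-S8-EVO' -> ((22, 4), (3, 8)); a missing -S part counts as 0."""
    m = _REL.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)

def status(platform, version):
    """Return 'fixed', 'needs-upgrade' or 'check-advisory'."""
    train, build = parse(version)
    fixes = {}  # train -> lowest fixed (R, S) listed for that train
    for fixed in FIXED[platform]:
        t, b = parse(fixed)
        fixes[t] = min(b, fixes.get(t, b))
    if train in fixes:
        # Assumption: (R, S) tuple order matches release order in a train.
        return "fixed" if build >= fixes[train] else "needs-upgrade"
    if train > max(fixes):
        return "fixed"  # "all subsequent releases"
    return "check-advisory"  # train not listed on this page

# Constructed inventory: (hypothetical host name, platform, running release).
INVENTORY = [
    ("ptx-core-1", "PTX", "23.4R1-S2-EVO"),
    ("ptx-core-2", "PTX", "24.2R2-EVO"),
    ("qfx-leaf-1", "QFX5000", "24.4R1-S2-EVO"),
    ("qfx-leaf-2", "QFX5000", "21.4R1-EVO"),
]

def audit(inventory):
    """List (host, release, status) for every device not known to be fixed."""
    return [(h, v, s) for h, p, v in inventory if (s := status(p, v)) != "fixed"]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row)
```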

Added: Apr 10, 2026, 1:06 AM
Updated: Apr 10, 2026, 1:06 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 5.6
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.