Juniper Networks Junos OS Evolved
cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*
- >= 25.4, < 25.4R1-S1-EVO
- >= 25.4R2-EVO
A vulnerability allowing unauthenticated, network-based code execution as root has been identified in the On-Box Anomaly Detection framework of Juniper Networks Junos OS Evolved, specifically on PTX Series routers. This vulnerability arises from incorrect permission assignments that expose the anomaly detection service on externally accessible ports, contrary to its intended design of being available only to internal processes via the internal routing instance. As a result, a remote attacker could potentially gain complete control over the affected device. This issue affects Junos OS Evolved versions 25.4 prior to 25.4R1-S1-EVO and 25.4R2-EVO, and is present by default without requiring any specific configuration.
Exploitation of this vulnerability allows for unauthorized, network-based code execution as root, enabling complete control over the affected device.
Users can upgrade to Junos OS Evolved versions 25.4R1-S1-EVO, 25.4R2-EVO, 26.2R1-EVO, or any subsequent release. Alternatively, the On-Box Anomaly Detection service can be disabled using the command 'request pfe anomalies disable'.