Juniper Networks Junos OS Evolved PTX Series Denial-of-Service Vulnerability via Incorrect Argument Type in PCEP

Vulnerability

A vulnerability allowing denial-of-service (DoS) has been identified in Juniper Networks Junos OS Evolved on PTX Series. This issue arises from a function call with an incorrect argument type in the sensor interface, allowing a network-based, authenticated attacker with low privileges to cause a complete service disruption. The problem occurs when colored Segment Routing Traffic Engineering (SRTE) policy tunnels are provisioned via the Path Computation Element Protocol (PCEP), and gRPC is used to monitor traffic in these tunnels. Under these conditions, the 'evo-aftmand' process crashes and does not restart, leading to a persistent service impact that requires a manual system restart to recover. The vulnerability is triggered when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN) and does not occur with statically configured SRTE policy tunnels.

Impact

Exploitation of this vulnerability causes the 'evo-aftmand' process to crash, leading to a complete and persistent denial-of-service condition on the affected system. The process does not automatically restart, causing a prolonged service disruption that requires manual intervention to resolve.

Remediation

Users can update to Junos OS Evolved versions 22.4R3-S9-EVO, 23.2R2-S6-EVO, 23.4R2-S7-EVO, 24.2R2-S4-EVO, 24.4R2-S2-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, or 25.4R1-EVO. If an immediate update is not possible, configure the Originator ASN with a value below 65,535 (a 16-bit ASN) as a temporary workaround.
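A defender triaging a fleet of PTX devices will want to check running release strings against the fixed releases listed above. The following is an added example written for this page, not tooling from Juniper: it parses Junos OS Evolved release strings (for example 22.4R3-S9-EVO), matches them to the release train of a fixed version, and reports whether the running release is at or beyond the fix. It assumes, as is Juniper's usual practice but not something this advisory states, that later service releases within the same train carry the fix; trains not listed above are reported as unknown rather than guessed. The sample "show version" text it scans is constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Fixed releases as listed in the advisory above.
FIXED_RELEASES = [
    "22.4R3-S9-EVO", "23.2R2-S6-EVO", "23.4R2-S7-EVO", "24.2R2-S4-EVO",
    "24.4R2-S2-EVO", "25.2R1-S2-EVO", "25.2R2-EVO", "25.4R1-EVO",
]

# Junos OS Evolved release string: <major>.<minor>R<n>[-S<n>[.<n>]]-EVO
_RELEASE_PATTERN = r"\d+\.\d+R\d+(?:-S\d+(?:\.\d+)?)?-EVO"
_RELEASE_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<r>\d+)"
    r"(?:-S(?P<s>\d+)(?:\.(?P<s_point>\d+))?)?-EVO$"
)


class EvoVersion(NamedTuple):
    train: tuple  # (major, minor), e.g. (22, 4); fixes are tracked per train
    level: tuple  # (R, S, S-point) gives the ordering inside one train


def parse_evo_version(text: str) -> EvoVersion:
    """Split a release string into its train and its ordering level."""
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Junos OS Evolved release string: {text!r}")
    return EvoVersion(
        train=(int(m["major"]), int(m["minor"])),
        # A release without -S (e.g. 25.2R2-EVO) sorts before 25.2R2-S1-EVO.
        level=(int(m["r"]), int(m["s"] or 0), int(m["s_point"] or 0)),
    )


def extract_versions(text: str) -> List[str]:
    """Pull every release string out of free-form text such as CLI output."""
    return re.findall(_RELEASE_PATTERN, text)


def assess(running: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one running release.

    Assumption (not stated by the advisory): any release in the same train
    that is at or above the listed fixed release also contains the fix.
    A train with no listed fixed release cannot be judged from this page.
    """
    current = parse_evo_version(running)
    fixed_in_train = [
        parse_evo_version(f) for f in FIXED_RELEASES
        if parse_evo_version(f).train == current.train
    ]
    if not fixed_in_train:
        return "unknown"
    if any(current.level >= fixed.level for fixed in fixed_in_train):
        return "fixed"
    return "vulnerable"


def assess_cli_output(cli_text: str) -> dict:
    """Assess every release string found in a block of CLI output."""
    return {v: assess(v) for v in extract_versions(cli_text)}


if __name__ == "__main__":
    # Constructed sample, shaped like a fragment of 'show version' output;
    # the release strings are illustrative, not taken from a real device.
    sample = (
        "Hostname: ptx-lab-01\n"
        "Model: ptx10008\n"
        "Junos: 22.4R3-S8-EVO\n"
    )
    for release, verdict in assess_cli_output(sample).items():
        print(f"{release}: {verdict}")
```

Running the block as a script prints a verdict per release string found in the sample; as a module, assess() can be fed release strings gathered from inventory or automation output. A result of "unknown" is deliberately not treated as safe.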

Added: Apr 10, 2026, 12:37 AM
Updated: Apr 10, 2026, 12:37 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 4.5
remediation: 8.3
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.