7.5

CVE-2023-22400

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Os Evolved Version20.4 Update-
JuniperJunos Os Evolved Version20.4 Updater1
JuniperJunos Os Evolved Version20.4 Updater1-s1
JuniperJunos Os Evolved Version20.4 Updater1-s2
JuniperJunos Os Evolved Version20.4 Updater2
JuniperJunos Os Evolved Version20.4 Updater2-s1
JuniperJunos Os Evolved Version20.4 Updater2-s2
JuniperJunos Os Evolved Version20.4 Updater2-s3
JuniperJunos Os Evolved Version20.4 Updater3
JuniperJunos Os Evolved Version20.4 Updater3-s1
JuniperJunos Os Evolved Version20.4 Updater3-s2
JuniperJunos Os Evolved Version21.1 Updater1
JuniperJunos Os Evolved Version21.1 Updater1-s1
JuniperJunos Os Evolved Version21.1 Updater2
JuniperJunos Os Evolved Version21.1 Updater3
JuniperJunos Os Evolved Version21.1 Updater3-s1
JuniperJunos Os Evolved Version21.2 Update-
JuniperJunos Os Evolved Version21.2 Updater1
JuniperJunos Os Evolved Version21.2 Updater1-s1
JuniperJunos Os Evolved Version21.2 Updater1-s2
JuniperJunos Os Evolved Version21.2 Updater2
JuniperJunos Os Evolved Version21.2 Updater2-s1
JuniperJunos Os Evolved Version21.2 Updater2-s2
JuniperJunos Os Evolved Version21.2 Updater3
JuniperJunos Os Evolved Version21.2 Updater3-s1
JuniperJunos Os Evolved Version21.2 Updater3-s2
JuniperJunos Os Evolved Version21.2 Updater3-s3
JuniperJunos Os Evolved Version21.3 Updater1
JuniperJunos Os Evolved Version21.3 Updater1-s1
JuniperJunos Os Evolved Version21.3 Updater2
JuniperJunos Os Evolved Version21.3 Updater2-s1
JuniperJunos Os Evolved Version21.3 Updater2-s2
JuniperJunos Os Evolved Version21.3 Updater3
JuniperJunos Os Evolved Version21.4 Update-
JuniperJunos Os Evolved Version21.4 Updater1
JuniperJunos Os Evolved Version21.4 Updater1-s1
JuniperJunos Os Evolved Version21.4 Updater1-s2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.465
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.