6

CVE-2026-57029

Junos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand process can crash

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).


When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.




This issue affects Junos OS Evolved on QFX Series:


  *  all 23.2 versions, 
  *  23.4 versions before 23.4R2-S7-EVO,
  *  24.2 versions before 24.2R2-S5-EVO,
  *  24.4 versions before 24.4R2-S3-EVO,
  *  25.2 versions before 25.2R2-EVO.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS Evolved
Default Statusunaffected
Version 0
Version < 23.4R2-S7-EVO
Status affected
Version 24.2
Version < 24.2R2-S5-EVO
Status affected
Version 24.4
Version < 24.4R2-S3-EVO
Status affected
Version 25.2
Version < 25.2R2-EVO
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.088
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 6 0 0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
sirt@juniper.net 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-820 Missing Synchronization

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.