CVE-2023-22400

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 20.4R3-S3-EVO Juniper Networks Junos OS Evolved version 21.1R1-EVO and later versions Juniper Networks Junos OS Evolved versions prior to 21.2R3-S4-EVO Juniper Networks Junos OS Evolved version 21.3R1-EVO and later versions Juniper Networks Junos OS Evolved versions prior to 21.4R2-EVO

Description An Uncontrolled Resource Consumption issue in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). This can occur when a specific SNMP GET operation or a specific CLI command is executed, causing a GUID resource leak, eventually leading to exhaustion and resulting in an FPC crash and reboot. The leak can be monitored by running the command show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" and checking the value in the rightmost column labeled Guids.

Recommendations For Juniper Networks Junos OS Evolved versions prior to 20.4R3-S3-EVO, update to version 20.4R3-S3-EVO or later. For Juniper Networks Junos OS Evolved version 21.1R1-EVO and later versions, no specific fix is provided, but it is recommended to monitor the GUID resource usage. For Juniper Networks Junos OS Evolved versions prior to 21.2R3-S4-EVO, update to version 21.2R3-S4-EVO or later. For Juniper Networks Junos OS Evolved version 21.3R1-EVO and later versions, no specific fix is provided, but it is recommended to monitor the GUID resource usage. For Juniper Networks Junos OS Evolved versions prior to 21.4R2-EVO, update to version 21.4R2-EVO or later. As a temporary workaround, consider monitoring the GUID resource usage by running the command show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" to minimize the risk of exploitation.