CVE-2024-39538

Name of the Vulnerable Software and Affected Versions Junos OS Evolved on ACX7000 Series versions prior to 21.2R3-S8-EVO Junos OS Evolved on ACX7000 Series 21.4-EVO versions prior to 21.4R3-S7-EVO Junos OS Evolved on ACX7000 Series 22.2-EVO versions prior to 22.2R3-S4-EVO Junos OS Evolved on ACX7000 Series 22.3-EVO versions prior to 22.3R3-S3-EVO Junos OS Evolved on ACX7000 Series 22.4-EVO versions prior to 22.4R3-S2-EVO Junos OS Evolved on ACX7000 Series 23.2-EVO versions prior to 23.2R2-EVO Junos OS Evolved on ACX7000 Series 23.4-EVO versions prior to 23.4R1-S2-EVO, 23.4R2-EVO

Description A Buffer Copy without Checking Size of Input issue in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes, which leads to an outage of the affected FPC until it is manually recovered.

Recommendations For Junos OS Evolved on ACX7000 Series versions prior to 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later. For Junos OS Evolved on ACX7000 Series 21.4-EVO versions prior to 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later. For Junos OS Evolved on ACX7000 Series 22.2-EVO versions prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later. For Junos OS Evolved on ACX7000 Series 22.3-EVO versions prior to 22.3R3-S3-EVO, update to version 22.3R3-S3-EVO or later. For Junos OS Evolved on ACX7000 Series 22.4-EVO versions prior to 22.4R3-S2-EVO, update to version 22.4R3-S2-EVO or later. For Junos OS Evolved on ACX7000 Series 23.2-EVO versions prior to 23.2R2-EVO, update to version 23.2R2-EVO or later. For Junos OS Evolved on ACX7000 Series 23.4-EVO versions prior to 23.4R1-S2-EVO, 23.4R2-EVO, update to version 23.4R1-S2-EVO or 23.4R2-EVO or later.