CVE-2024-39531

Name of the Vulnerable Software and Affected Versions Junos OS Evolved on ACX 7000 Series versions prior to 21.4R3-S7-EVO Junos OS Evolved on ACX 7000 Series versions 22.1 prior to 22.1R3-S6-EVO Junos OS Evolved on ACX 7000 Series versions 22.2 prior to 22.2R3-S3-EVO Junos OS Evolved on ACX 7000 Series versions 22.3 prior to 22.3R3-S3-EVO Junos OS Evolved on ACX 7000 Series versions 22.4 prior to 22.4R3-S2-EVO Junos OS Evolved on ACX 7000 Series versions 23.2 prior to 23.2R2-EVO Junos OS Evolved on ACX 7000 Series versions 23.4 prior to 23.4R1-S1-EVO

Description The issue is related to an Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series. This vulnerability allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. This can inadvertently open the control plane to a high level of specific traffic or limit the bandwidth for a certain protocol, increasing the chances of a successful volumetric DoS attack.

Recommendations For versions prior to 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later. For versions 22.1 prior to 22.1R3-S6-EVO, update to version 22.1R3-S6-EVO or later. For versions 22.2 prior to 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later. For versions 22.3 prior to 22.3R3-S3-EVO, update to version 22.3R3-S3-EVO or later. For versions 22.4 prior to 22.4R3-S2-EVO, update to version 22.4R3-S2-EVO or later. For versions 23.2 prior to 23.2R2-EVO, update to version 23.2R2-EVO or later. For versions 23.4 prior to 23.4R1-S1-EVO, update to version 23.4R1-S1-EVO or later.