PT-2025-41403 · Juniper Networks · Junos Evolved+1
Published: 2025-10-09 · Updated: 2025-10-09
CVE-2025-59958
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS Evolved on PTX Series versions prior to 22.4R3-EVO
Juniper Networks Junos OS Evolved on PTX Series versions prior to 23.2R2-EVO
Description
An issue exists in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series that could allow an unauthenticated, network-based attacker to impact confidentiality and availability. When an output firewall filter is configured with 'reject' actions, packets matching these terms are incorrectly sent to the Routing Engine (RE) for processing, consuming RE resources. Responses from the RE could potentially reveal confidential information about the device. This issue applies to firewall filters on WAN or revenue interfaces, but not on management or loopback interfaces, or input filters.
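A configuration check for the condition described above, as an added example that is not part of the advisory or any Juniper tooling: it scans `show configuration | display set` output for output filters containing a 'reject' term and reports the non-management, non-loopback units they are bound to. The sample configuration is constructed, and treating names that start with `lo0` or contain `mgmt` as exempt is an assumption about interface naming; the software version is not checked.

```python
import re

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE_CONFIG = """\
set firewall family inet filter EDGE-OUT term deny-telnet from protocol tcp
set firewall family inet filter EDGE-OUT term deny-telnet then reject
set firewall family inet filter EDGE-OUT term rest then accept
set firewall family inet filter DROP-OUT term bad then discard
set firewall family inet6 filter MGMT-OUT term t1 then reject
set firewall family inet filter EDGE-IN term t1 then reject
set interfaces et-0/0/1 unit 0 family inet filter output EDGE-OUT
set interfaces et-0/0/2 unit 0 family inet filter output DROP-OUT
set interfaces et-0/0/3 unit 0 family inet filter input EDGE-IN
set interfaces et-0/0/4 unit 10 family inet filter output-list DROP-OUT
set interfaces et-0/0/4 unit 10 family inet filter output-list EDGE-OUT
set interfaces re0:mgmt-0 unit 0 family inet6 filter output MGMT-OUT
set interfaces lo0 unit 0 family inet filter output EDGE-OUT
"""

# A term whose action is 'reject'; a filter defined without 'family' is treated as inet.
REJECT_RE = re.compile(r"^set firewall (?:family (\S+) )?filter (\S+) term (\S+) then reject\b")
# Output-direction bindings only; input filters are not affected per the advisory.
BIND_RE = re.compile(r"^set interfaces (\S+) unit (\S+) family (\S+) filter output(?:-list)? (\S+)")


def exposed_bindings(config):
    """Return (unit, family, filter, reject_terms) for each affected output binding."""
    rejecting, bindings = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = REJECT_RE.match(line)
        if m:
            key = (m.group(1) or "inet", m.group(2))
            rejecting.setdefault(key, []).append(m.group(3))
        elif (m := BIND_RE.match(line)):
            bindings.append(m.groups())
    findings = []
    for ifname, unit, family, flt in bindings:
        # Assumption: management and loopback interfaces are recognisable by name.
        if ifname.startswith("lo0") or "mgmt" in ifname:
            continue
        terms = rejecting.get((family, flt))
        if terms:
            findings.append((f"{ifname}.{unit}", family, flt, terms))
    return findings


if __name__ == "__main__":
    for unit, family, flt, terms in exposed_bindings(SAMPLE_CONFIG):
        print(f"{unit} family {family}: output filter {flt} rejects in terms {terms}")
```
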
Recommendations
Upgrade to Junos OS Evolved version 22.4R3-EVO or later.
Upgrade to Junos OS Evolved version 23.2R2-EVO or later.
Fix
Improper Check for Exceptional Conditions
Affected Products
Junos Evolved
PTX Series