CVE-2024-47508

HIGH EPSS 29.4%
Published Oct 11, 20241y ago · Modified Jun 17, 20262w ago
7.1 CVSS 4.0
High
Find Similar
Published Oct 11, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
29.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-770

Affected Products 29

VendorProductVersionRange
juniperjunos_os_evolved* <21.2
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.2any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.3any
juniperjunos_os_evolved21.4any
juniperjunos_os_evolved21.4any
juniperjunos_os_evolved21.4any
juniperjunos_os_evolved21.4any
juniperjunos_os_evolved22.1any
juniperjunos_os_evolved22.1any
juniperjunos_os_evolved22.1any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.