A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover.
The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured. This issue affects Junos OS Evolved on PTX Series:
* all versions before 22.4R3-S9-EVO,
* 23.2 versions before 23.2R2-S6-EVO,
* 23.4 versions before 23.4R2-S7-EVO,
* 24.2 versions before 24.2R2-S4-EVO,
* 24.4 versions before 24.4R2-S2-EVO,
* 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 61
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
|
— |
22.4
|
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s5:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s6:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s7:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s4:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s5:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s5:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s6:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s3:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:24.4:r2-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:25.2:r1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s1:*:*:*:*:*:*
|
— | — |
|
Juniper Junos_Os_Evolved
cpe:2.3:o:juniper:junos_os_evolved:25.2:r2:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10001-36mr
cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10002-36qdd
cpe:2.3:h:juniper:ptx10002-36qdd:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10003
cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10004
cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10008
cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx10016
cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*
|
— | — |
|
Juniper Ptx12008
cpe:2.3:h:juniper:ptx12008:-:*:*:*:*:*:*:*
|
— | — |