CVE-2023-22400

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO.

Published: Jan 13, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-22400
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
juniper / junos_os_evolved	20.4-r1	20.4-r1.x
juniper / junos_os_evolved	21.1-r1	21.1-r1.x
juniper / junos_os_evolved	21.1-r2	21.1-r2.x
juniper / junos_os_evolved	21.1-r1-s1	21.1-r1-s1.x
juniper / junos_os_evolved	21.2-r1	21.2-r1.x
juniper / junos_os_evolved	21.2-r1-s1	21.2-r1-s1.x
juniper / junos_os_evolved	21.2-r2	21.2-r2.x
juniper / junos_os_evolved	20.4-r1-s1	20.4-r1-s1.x
juniper / junos_os_evolved	20.4-r1-s2	20.4-r1-s2.x
juniper / junos_os_evolved	20.4-r2	20.4-r2.x
juniper / junos_os_evolved	20.4-r2-s1	20.4-r2-s1.x
juniper / junos_os_evolved	20.4-r2-s2	20.4-r2-s2.x
juniper / junos_os_evolved	20.4-r2-s3	20.4-r2-s3.x
juniper / junos_os_evolved	20.4-r3	20.4-r3.x
juniper / junos_os_evolved	20.4-r3-s1	20.4-r3-s1.x
juniper / junos_os_evolved	21.3-r1	21.3-r1.x
juniper / junos_os_evolved	20.4	20.4.x
juniper / junos_os_evolved	21.2	21.2.x
juniper / junos_os_evolved	21.2-r1-s2	21.2-r1-s2.x
juniper / junos_os_evolved	21.2-r2-s1	21.2-r2-s1.x
juniper / junos_os_evolved	21.3-r1-s1	21.3-r1-s1.x
juniper / junos_os_evolved	20.4-r3-s2	20.4-r3-s2.x
juniper / junos_os_evolved	21.4-r1	21.4-r1.x
juniper / junos_os_evolved	21.4-r1-s1	21.4-r1-s1.x
juniper / junos_os_evolved	21.2-r2-s2	21.2-r2-s2.x
juniper / junos_os_evolved	21.1-r3	21.1-r3.x
juniper / junos_os_evolved	21.2-r3	21.2-r3.x
juniper / junos_os_evolved	21.3-r2	21.3-r2.x
juniper / junos_os_evolved	21.4	21.4.x
juniper / junos_os_evolved	21.1-r3-s1	21.1-r3-s1.x
juniper / junos_os_evolved	21.3-r2-s1	21.3-r2-s1.x
juniper / junos_os_evolved	21.3-r2-s2	21.3-r2-s2.x
juniper / junos_os_evolved	21.4-r1-s2	21.4-r1-s2.x
juniper / junos_os_evolved	21.2-r3-s1	21.2-r3-s1.x
juniper / junos_os_evolved	21.3-r3	21.3-r3.x
juniper / junos_os_evolved	21.2-r3-s2	21.2-r3-s2.x
juniper / junos_os_evolved	21.2-r3-s3	21.2-r3-s3.x

https://kb.juniper.net/JSA70196

Vulnerability Database

290,020

CVE-2023-22400