Executive Summary

This vulnerability is a Function Call With Incorrect Argument Type issue in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series devices.

It allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS) by crashing the evo-aftmand process when colored SRTE policy tunnels are provisioned via PCEP and gRPC is used to monitor traffic in these tunnels.

The crash occurs specifically when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN), and the process does not restart automatically, requiring a manual system restart to recover.

This issue does not occur when SRTE policy tunnels are statically configured.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can cause a complete and persistent Denial of Service (DoS) on affected Junos OS Evolved PTX Series devices.

Because the evo-aftmand process crashes and does not restart automatically, network services relying on this process will be disrupted until the system is manually restarted.

This can lead to significant network downtime and service unavailability, impacting network reliability and operations.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Junos OS Evolved on PTX Series devices to a fixed version. The affected versions are all versions before 22.4R3-S9-EVO, 23.2 versions before 23.2R2-S6-EVO, 23.4 versions before 23.4R2-S7-EVO, 24.2 versions before 24.2R2-S4-EVO, 24.4 versions before 24.4R2-S2-EVO, and 25.2 versions before 25.2R1-S2-EVO and 25.2R2-EVO.

Since the issue causes evo-aftmand to crash and not restart when colored SRTE policy tunnels are provisioned via PCEP with gRPC monitoring, and the Originator ASN field in PCEP contains a value larger than 65,535, avoid using such configurations until the system is patched.

If the service impact occurs, a manual system restart is required to recover.

Useful 0 Not Useful 0