CVE-2025-59967
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).
Whenever specific valid multicast traffic is received on any layer 3 interface the evo-pfemand process crashes and restarts.
Continued receipt of specific valid multicast traffic results in a sustained Denial of Service (DoS) attack. This issue affects Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509:
- from 23.2R2-EVO before 23.2R2-S4-EVO,
- from 23.4R1-EVO before 23.4R2-EVO.
This issue affects IPv4 and IPv6.
This issue does not affect Junos OS Evolved ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 versions before 23.2R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved | 23.2R2-EVO < 23.2R2-S4-EVO | affected |
| Juniper Networks | Junos OS Evolved | 23.4R1-EVO < 23.4R2-EVO | affected |
Weaknesses
- CWE-476: CWE-476: NULL Pointer Dereference
Workarounds
There are no known workarounds for this issue. To reduce the risk of exploitation, enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.