A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).
When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.
This issue affects Junos OS Evolved on QFX Series:
- all 23.2 versions,
- 23.4 versions before 23.4R2-S7-EVO,
- 24.2 versions before 24.2R2-S5-EVO,
- 24.4 versions before 24.4R2-S3-EVO,
- 25.2 versions before 25.2R2-EVO.
To be exposed to this issue at least one sflow collector needs to be configured via:
[ protocols sflow collector <address> ]
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
There are no known workarounds for this issue.
The following software releases have been updated to resolve this specific issue:
Junos OS Evolved: 23.4R2-S7-EVO, 24.2R2-S5-EVO, 24.4R2-S3-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.