CVE-2024-39542
📋 TL;DR
An unauthenticated network attacker can cause denial-of-service on affected Juniper devices by sending specific traffic that crashes critical packet processing components. This affects Juniper MX, ACX, and PTX series routers running vulnerable Junos OS versions with certain configurations. The FPC (Flexible PIC Concentrator) stops working until manually restarted.
💻 Affected Systems
- Juniper MX Series with MPC10/11 or LC9600
- MX304
- ACX Series
- PTX Series
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete loss of packet forwarding on affected line cards, requiring manual intervention to restore service, potentially affecting multiple network segments.
Likely Case
Intermittent DoS affecting specific interfaces or line cards when attackers send crafted traffic to vulnerable configurations.
If Mitigated
Limited impact if vulnerable configurations are disabled or devices are behind proper network segmentation.
🎯 Exploit Status
Attack requires sending specific valid transit traffic (scenario 1) or malformed CFM packets (scenario 2) to vulnerable configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS: 21.2R3-S4, 21.4R2, 22.2R3-S2 or later. Junos OS Evolved: 21.2R3-S8-EVO, 21.4R2-EVO or later.
Vendor Advisory: https://supportportal.juniper.net/JSA83002
Restart Required: Yes
Instructions:
1. Download the appropriate fixed version from the Juniper support portal.
2. Back up the configuration.
3. Install the update following Juniper's upgrade procedures.
4. Reboot affected devices.
🔧 Temporary Workarounds
Disable vulnerable configurations
Remove the sFlow+ECMP configuration on PTX devices and disable CFM on interfaces to prevent exploitation.
# Deactivate sFlow sampling. There is no "disable" statement under
# protocols sflow; deactivate keeps the stanza in place and is reversible
# with "activate protocols sflow".
deactivate protocols sflow
# Deactivate CFM for all interfaces (reversible with "activate ...")
deactivate protocols oam ethernet connectivity-fault-management
Network segmentation
Restrict access to management and control plane interfaces using ACLs or firewall rules.
# CFM (IEEE 802.1ag) is carried directly in Ethernet frames (EtherType
# 0x8902), not in IP, so "from protocol cfm" is not a valid family inet
# match and a filter written that way will not commit. Limit CFM exposure
# by not configuring a MEP on untrusted interfaces, or deactivate CFM:
deactivate protocols oam ethernet connectivity-fault-management
🧯 If You Can't Patch
- Disable sFlow sampling and ECMP on PTX devices immediately
- Disable CFM (Connectivity Fault Management) on all interfaces
🔍 How to Verify
Check if Vulnerable:
Check Junos version with 'show version' and verify if sFlow+ECMP or CFM is configured with 'show configuration protocols'.
Check Version:
show version
Verify Fix Applied:
Verify installed version is patched with 'show version' and test that packetio/evo-aftman processes remain stable under traffic.
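As an added example (not from this page or from Juniper), a Python checker that takes the version from a `show version` capture, compares it per release train against the fixed releases listed above, and flags the sFlow/CFM trigger features in `| display set` configuration output. The `Junos:` line format and the sample configuration lines are assumptions; trains the page does not list are reported as unknown.

```python
import re
from typing import Optional

# Fixed releases exactly as this page lists them, keyed by release train.
# "or later" is applied within a train; trains not listed here return None.
FIXED_JUNOS = {"21.2": "21.2R3-S4", "21.4": "21.4R2", "22.2": "22.2R3-S2"}
FIXED_EVO = {"21.2": "21.2R3-S8-EVO", "21.4": "21.4R2-EVO"}
FEATURES = {"sflow": r"^set protocols sflow\b",
            "cfm": r"^set protocols oam ethernet connectivity-fault-management\b"}
# major.minor R release [-S service] [.build] [-EVO], e.g. 21.4R3-S4.9, 21.4R2-EVO
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")

def parse_version(text: str):
    """'21.4R2-S3.1-EVO' -> ((21, 4, 2, 3), True); the build number is ignored."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0)), evo is not None

def is_fixed(version: str) -> Optional[bool]:
    """True if at or after the fixed release of its train, False if before,
    None if this page lists no fixed release for that train."""
    key, evo = parse_version(version)
    table = FIXED_EVO if evo else FIXED_JUNOS
    fixed = table.get(f"{key[0]}.{key[1]}")
    return None if fixed is None else key >= parse_version(fixed)[0]

def version_from_show_version(output: str) -> str:
    """Pull the release from the 'Junos: <version>' line (assumed format)."""
    m = re.search(r"^Junos:\s+(\S+)", output, re.M)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)

def trigger_features(config_set: str) -> list:
    """Which of this page's trigger features appear in
    'show configuration protocols | display set' output."""
    return [f for f, rx in FEATURES.items() if re.search(rx, config_set, re.M)]

def assess(show_version_output: str, config_set: str) -> str:
    """One verdict combining release state and trigger-feature presence."""
    fixed = is_fixed(version_from_show_version(show_version_output))
    feats = ",".join(trigger_features(config_set))
    if fixed is True:
        return "patched"
    if not feats:
        return "unpatched, no sFlow/CFM configured"
    return ("vulnerable: " if fixed is False else "train not on this page, check JSA83002: ") + feats
```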
📡 Detection & Monitoring
Log Indicators:
- Packetio process crashes
- Evo-aftman crashes
- FPC restart messages
- CFM protocol errors
Network Indicators:
- Unexpected CFM packets to interfaces
- Increased sFlow sampling traffic patterns
SIEM Query:
source="juniper-firewall" AND ("packetio crash" OR "evo-aftman" OR "FPC restart")
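As an added example (not from this page), Python detection logic for the log indicators above, run over constructed sample syslog lines. The line shape and message wording are assumptions rather than real Junos output, so adjust the patterns to the messages your platform actually emits; beyond matching single lines, it groups PFE crashes per host in a time window, since repeated crashes are what separates traffic-driven DoS from a one-off fault.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines ("<iso-timestamp> <host> <process>: <message>"),
# not real Junos syslog output; they only carry the shape of this page's indicators.
SAMPLE_LOGS = """\
2024-07-10T10:00:01 ptx1 evo-aftman: core dumped, restarting
2024-07-10T10:00:09 ptx1 chassisd: FPC 0 restart requested
2024-07-10T10:01:30 ptx1 evo-aftman: core dumped, restarting
2024-07-10T10:01:40 ptx1 chassisd: FPC 0 restart requested
2024-07-10T10:02:50 ptx1 evo-aftman: core dumped, restarting
2024-07-10T11:15:00 mx1 packetio: process exited on signal 11
2024-07-10T11:15:03 mx1 cfmd: CFM protocol error on et-0/0/1
2024-07-10T12:00:00 mx2 sshd: accepted publickey for admin
"""
INDICATORS = {  # the four log indicators listed on this page
    "packetio_crash": re.compile(r"\bpacketio\b.*\b(crash|core|exited|signal)\b", re.I),
    "evo_aftman_crash": re.compile(r"\bevo-aftman\b.*\b(crash|core|exited|signal)\b", re.I),
    "fpc_restart": re.compile(r"\bFPC\s*\d+\b.*\brestart", re.I),
    "cfm_error": re.compile(r"\bCFM\b.*\berror", re.I),
}
_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

def classify(line: str):
    """Return (timestamp, host, indicator) for a matching line, else None."""
    m = _LINE.match(line)
    if not m:
        return None
    ts, host, msg = m.groups()
    for name, rx in INDICATORS.items():
        if rx.search(msg):
            return datetime.fromisoformat(ts), host, name
    return None

def crash_bursts(log_text: str, threshold: int = 3, window=timedelta(minutes=5)) -> dict:
    """Hosts whose PFE crash indicators fired >= threshold times within one window.
    A single crash may be a hardware fault; repeated crashes fit traffic-driven DoS."""
    by_host = defaultdict(list)
    for hit in filter(None, map(classify, log_text.splitlines())):
        if hit[2] in ("packetio_crash", "evo_aftman_crash"):
            by_host[hit[1]].append(hit[0])
    bursts = {}
    for host, times in by_host.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                bursts[host] = n
                break
    return bursts
```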