CVE-2024-47508
📋 TL;DR
This CVE describes a resource exhaustion vulnerability in Juniper Junos OS Evolved where authenticated attackers can cause FPC crashes through specific SNMP GET operations or CLI commands. The vulnerability leads to GUID resource leaks that eventually exhaust resources, requiring manual restart of affected FPCs. This affects Junos OS Evolved versions before specific patched releases.
💻 Affected Systems
- Juniper Networks Junos OS Evolved
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service affecting multiple FPCs, requiring manual intervention to restore network functionality, potentially disrupting critical network operations.
Likely Case
Targeted FPC crashes causing localized service disruption that requires manual restart of affected hardware components.
If Mitigated
Limited impact with proper access controls and monitoring, allowing early detection before widespread exhaustion occurs.
🎯 Exploit Status
Exploitation requires authenticated access to network management interfaces. Similar vulnerabilities exist (CVE-2024-47505, CVE-2024-47509) but this is distinct.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 21.2R3-S8-EVO, 21.3R3-EVO, 22.1R2-EVO, 22.1R1-S1-EVO, or later versions
Vendor Advisory: https://supportportal.juniper.net/
Restart Required: Yes
Instructions:
1. Check current version with 'show version'.
2. Download the appropriate patched version from the Juniper support portal.
3. Follow Juniper's standard upgrade procedures for Junos OS Evolved.
4. Reboot affected devices after upgrade.
🔧 Temporary Workarounds
Monitor GUID usage
Regularly check for GUID resource leaks to detect exploitation attempts early
show platform application-info allocations app evo-pfemand/evo-pfemand
Restrict management access
Limit SNMP and CLI access to trusted management networks and authorized users only
🧯 If You Can't Patch
- Implement strict access controls on SNMP and CLI interfaces
- Monitor syslog for 'Ran out of Guid Space' messages and 'show platform application-info allocations' output regularly
🔍 How to Verify
Check if Vulnerable:
Check version with 'show version' and compare against affected versions. Monitor GUID usage with 'show platform application-info allocations app evo-pfemand/evo-pfemand' for increasing values.
Check Version:
show version
Verify Fix Applied:
Confirm version is patched with 'show version'. Monitor that GUID values in 'show platform application-info allocations app evo-pfemand/evo-pfemand' remain stable and don't constantly increase.
📡 Detection & Monitoring
Log Indicators:
- evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
- evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
Network Indicators:
- Unusual SNMP GET request patterns to management interfaces
- Multiple CLI commands from single sources in short timeframes
SIEM Query:
source="juniper_logs" AND ("Ran out of Guid Space" OR "get_next_guid")
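The two log indicators above and the "Monitor GUID usage" workaround can be wired into a small monitoring script. The example below is an added illustration, not code from Juniper or from this advisory: it matches syslog lines against the `get_next_guid: Ran out of Guid Space` indicator and flags a run of steadily increasing GUID allocation counts. The sample log lines are constructed, the `evo-aftmand-\w+` process pattern is an assumed generalisation of the `evo-aftmand-zx` name quoted above, and the allocation counts are assumed to have already been extracted from successive runs of the `show platform application-info allocations` command (its exact output format is not reproduced here).

```python
import re
from typing import Dict, List

# Syslog pattern built from the two log indicators quoted in this advisory.
# The defining text is "get_next_guid: Ran out of Guid Space"; the process
# name and pid are captured so an alert can say which daemon hit the limit.
# Assumption: other evo-aftmand-* variants log the same message, hence \w+.
GUID_EXHAUSTION_RE = re.compile(
    r"(?P<proc>evo-pfemand|evo-aftmand-\w+)\[(?P<pid>\d+)\]: "
    r"get_next_guid: Ran out of Guid Space"
)

# Constructed sample log lines (not real device output): two indicator hits
# and one unrelated line that must not match.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 router1 evo-pfemand[2231]: get_next_guid: Ran out of Guid Space for fpc0",
    "Jan 10 12:00:02 router1 sshd[411]: Accepted publickey for admin from 10.0.0.5",
    "Jan 10 12:00:05 router1 evo-aftmand-zx[3307]: get_next_guid: Ran out of Guid Space for fpc1",
]


def find_guid_exhaustion(lines: List[str]) -> List[Dict]:
    """Return one record per log line carrying the GUID exhaustion indicator."""
    hits = []
    for line in lines:
        m = GUID_EXHAUSTION_RE.search(line)
        if m:
            hits.append({"proc": m.group("proc"), "pid": int(m.group("pid")), "line": line})
    return hits


def is_monotonic_growth(samples: List[int], min_samples: int = 5) -> bool:
    """True when GUID allocation counts rise on every poll.

    `samples` is an assumed list of integer allocation counts collected from
    successive runs of the 'show platform application-info allocations'
    command. A healthy FPC fluctuates; a strictly increasing series across
    several polls is the leak pattern this advisory tells operators to watch.
    """
    if len(samples) < min_samples:
        return False
    return all(later > earlier for earlier, later in zip(samples, samples[1:]))


if __name__ == "__main__":
    for hit in find_guid_exhaustion(SAMPLE_LOGS):
        print(f"ALERT {hit['proc']}[{hit['pid']}] reported GUID exhaustion")
    # Constructed poll series: steadily rising counts trigger the trend alert.
    polls = [1200, 1350, 1500, 1650, 1800]
    if is_monotonic_growth(polls):
        print("ALERT GUID allocations rising on every poll, check for leak")
```

Run the log matcher over the device's syslog feed and feed the trend check with counts sampled on a fixed interval; together they give an early warning before an FPC reaches the exhaustion point and needs a manual restart.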