CVE-2025-52961

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart.

Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.

An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.

user@device> show system processes node fpc detail | match cfmman

Example:

show system pro

Ссылки

https://supportportal.juniper.net/JSA103144
Vendor Advisory
Exploit
https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html
Technical Description

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:*:*:*:*:*:*

Одно из

cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ptx10002-36qdd:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*

cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-6rrp-5qvj-5rj8

CVSS3: 6.5

github

4 месяца назад

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart. Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition. An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory. user@device> show system processes node fpc<num> detail | match cfmman Example: show system ...

EPSS

Процентиль: 8%

0.00029

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400