Description
A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.1R1; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA69711
Scores
CVSS v3
7.5
EPSS
0.0046
EPSS Percentile
64.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (6)
juniper/junos
20.1 r1-s1 (11 CPE variants)
juniper/junos
20.2 (14 CPE variants)
juniper/junos
20.3 (10 CPE variants)
juniper/junos
20.4 (6 CPE variants)
juniper/junos
21.1 (3 CPE variants)
juniper/junos
21.2 (4 CPE variants)
Published
Jul 20, 2022
Tracked Since
Feb 18, 2026