Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2024-21611

Disclosure Date: January 12, 2024
CVE-2024-21611 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.

Thread level memory utilization for the areas where the leak occurs can be checked using the below command:

user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:

Junos OS

  • 21.4 versions earlier than 21.4R3;
  • 22.1 versions earlier than 22.1R3;
  • 22.2 versions earlier than 22.2R3.

Junos OS Evolved

  • 21.4-EVO versions earlier than 21.4R3-EVO;
  • 22.1-EVO versions earlier than 22.1R3-EVO;
  • 22.2-EVO versions earlier than 22.2R3-EVO.

This issue does not affect:

Juniper Networks Junos OS versions earlier than 21.4R1.

Juniper Networks Junos OS Evolved versions earlier than 21.4R1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Junos OS 21.4R3
Junos OS 22.1R3
Junos OS 22.2R3
Junos OS Evolved 21.4R3-EVO
Junos OS Evolved 22.1R3-EVO
Junos OS Evolved 22.2R3-EVO
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • juniper

Products

  • junos 21.4,
  • junos 22.1,
  • junos 22.2,
  • junos os evolved 21.4,
  • junos os evolved 22.1,
  • junos os evolved 22.2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis