CVE-2024-39518

Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).

When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.

This issue is only seen when telemetry subscription is active.

The Heap memory utilization can be monitored using the following command:
> show system processes extensive

The following command can be used to monitor the memory utilization of the specific sensor
> show system info | match sensord
PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME

1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32

This issue affects Junos OS:

* from 21.2R3-S5 before 21.2R3-S7,
* from 21.4R3-S4 before 21.4R3-S6,
* from 22.2R3 before 22.2R3-S4,
* from 22.3R2 before 22.3R3-S2,
* from 22.4R1 before 22.4R3,
* from 23.2R1 before 23.2R2.

Una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en el proceso del sensor de telemetría (sensord) de Juniper Networks Junos OS en plataformas MX240, MX480, MX960 que utilizan MPC10E provoca un aumento constante en la utilización de la memoria, lo que en última instancia conduce a una denegación de servicio (DoS). Cuando el dispositivo está suscrito a una suscripción específica en Junos Telemetry Interface, se produce una pérdida lenta de memoria y, finalmente, se consumen todos los recursos y el dispositivo deja de responder. Será necesario reiniciar manualmente la tarjeta de línea para restaurar el dispositivo a su funcionamiento normal. Este problema solo se ve cuando la suscripción de telemetría está activa. La utilización de la memoria del montón se puede monitorear usando el siguiente comando: > show system processes extensive El siguiente comando se puede usar para monitorear la utilización de la memoria del sensor específico > show system info | match sensord NOMBRE PID MEMORIA PICO DE MEMORIA %CPU NÚMERO DE HILOS CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 Este problema afecta a Junos OS: * de 21.2R3-S5 antes de 21.2 R3-S7, * de 21.4R3-S4 antes de 21.4R3-S6, * de 22.2R3 antes de 22.2R3-S4, * de 22.3R2 antes de 22.3R3-S2, * de 22.4R1 antes de 22.4R3, * de 23.2R1 antes de 23.2 R2.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

High

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-07-10 CVE Published
2024-07-11 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA82982	2024-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 21.2R3-S5 < 21.2R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.2R3-S5 < 21.2R3-S7"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 21.4R3-S4 < 21.4R3-S6 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4R3-S4 < 21.4R3-S6"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.2R3 < 22.2R3-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2R3 < 22.2R3-S4"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.3R2 < 22.3R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3R2 < 22.3R3-S2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.4R1 < 22.4R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4R1 < 22.4R3"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.2R1 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2R1 < 23.2R2"		en		Affected