// For flags

CVE-2024-39550

Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service

Severity Score

7.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).

Memory can only be recovered by manually restarting rtlogd process. 
The memory usage can be monitored using the below command.

    user@host> show system processes extensive | match rtlog 



This issue affects Junos OS on MX Series with SPC3 line card: 



* from 21.2R3 before 21.2R3-S8, 
* from 21.4R2 before 21.4R3-S6, 
* from 22.1 before 22.1R3-S5, 
* from 22.2 before 22.2R3-S3, 
* from 22.3 before 22.3R3-S2, 
* from 22.4 before 22.4R3-S1, 
* from 23.2 before 23.2R2, 
* from 23.4 before 23.4R2.

Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en el proceso rtlogd de Juniper Networks Junos OS en la serie MX con SPC3 permite que un atacante adyacente no autenticado desencadene una causa de eventos internos (que se puede lograr mediante solapas repetidas de puertos) para causar una pérdida de memoria lenta. , lo que en última instancia conduce a una denegación de servicio (DoS). La memoria sólo se puede recuperar reiniciando manualmente el proceso rtlogd. El uso de la memoria se puede monitorear usando el siguiente comando. usuario@host> show system processes extensive | match rtlog Este problema afecta a Junos OS en la serie MX con tarjeta de línea SPC3: * desde 21.2R3 antes de 21.2R3-S8, * desde 21.4R2 antes de 21.4R3-S6, * desde 22.1 antes de 22.1R3-S5, * desde 22.2 antes de 22.2R3 -S3, * de 22.3 antes de 22.3R3-S2, * de 22.4 antes de 22.4R3-S1, * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R2.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
None
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
None
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-11 CVE Published
  • 2024-07-12 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://supportportal.juniper.net/JSA83012 2024-07-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 21.2R3 < 21.2R3-S8
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.2R3 < 21.2R3-S8"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 21.4R2 < 21.4R3-S6
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4R2 < 21.4R3-S6"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.1 < 22.1R3-S5
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S5"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.2 < 22.2R3-S3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.3 < 22.3R3-S2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S2"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.4 < 22.4R3-S1
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3-S1"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 23.2 < 23.2R2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 23.4 < 23.4R2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R2"
en
Affected