// For flags

CVE-2024-39560

Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash

Severity Score

7.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).

The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.

System kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:

user@router> show system statistics kernel memory
Memory               Size (kB) Percentage When
  Active                 753092     18.4% Now
  Inactive               574300     14.0% Now
  Wired                  443236     10.8% Now
  Cached                1911204     46.6% Now
  Buf                     32768      0.8% Now
  Free                   385072      9.4% Now
Kernel Memory                             Now
  Data                   312908      7.6% Now
  Text                     2560      0.1% Now
...

This issue affects:
Junos OS:


* All versions before 20.4R3-S9,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;


Junos OS Evolved:


* All versions before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.

Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un vecino RSVP descendente lógicamente adyacente provoque el agotamiento de la memoria del kernel, lo que provoca un fallo del kernel, lo que resulta en una denegación de servicio ( DoS). La pérdida de memoria del kernel y su eventual fallo se verán cuando el vecino RSVP descendente tenga un error persistente que no se corregirá. La memoria del kernel del sistema se puede monitorear mediante el uso del comando 'mostrar la memoria del kernel de estadísticas del sistema' como se muestra a continuación: usuario@router> mostrar la memoria del kernel de estadísticas del sistema Tamaño de la memoria (kB) Porcentaje cuando está activo 753092 18,4 % ahora inactivo 574300 14,0 % ahora cableado 443236 10,8% Ahora en caché 1911204 46,6% Ahora Buf 32768 0,8% Ahora gratis 385072 9,4% Ahora Memoria del kernel Ahora Datos 312908 7,6% Ahora Texto 2560 0,1% Ahora... Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S9 , * desde 21.4 antes de 21.4R3-S5, * desde 22.1 antes de 22.1R3-S5, * desde 22.2 antes de 22.2R3-S3, * desde 22.3 antes de 22.3R3-S2, * desde 22.4 antes de 22.4R3, * desde 23.2 antes de 23.2R2 ; Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S5-EVO, * desde 22.2-EVO antes de 22.2R3-S3-EVO, * desde 22.3-EVO antes de 22.3R3- S2-EVO, * de 22.4-EVO antes de 22.4R3-EVO, * de 23.2-EVO antes de 23.2R2-EVO.

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).

The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.

System kernel memory can be monitored through the use of the 'show system kernel memory' command as shown below:

user@router> show system kernel memory  
Real memory total/reserved: 4130268/ 133344 Kbytes
kmem map free: 18014398509110220 Kbytes

This issue affects:
Junos OS:


* All versions before 20.4R3-S9,
* All versions of 21.2,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;


Junos OS Evolved:


* All versions before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
Low
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
None
None
Integrity
None
None
Availability
High
Low
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-10 CVE Published
  • 2024-07-11 EPSS Updated
  • 2024-10-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-755: Improper Handling of Exceptional Conditions
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://supportportal.juniper.net/JSA83020 2024-07-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 < 20.4R3-S9
Search vendor "Juniper Networks" for product "Junos OS" and version " < 20.4R3-S9"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 21.2* < 21.2R1
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.2* < 21.2R1"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 21.4 < 21.4R3-S5
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S5"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.1 < 22.1R3-S5
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S5"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.2 < 22.2R3-S3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.3 < 22.3R3-S2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S2"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 22.4 < 22.4R3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 23.2 < 23.2R2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 < 21.4R3-S5-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S5-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 22.1-EVO < 22.1R3-S5-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1-EVO < 22.1R3-S5-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 22.2-EVO < 22.2R3-S3-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2-EVO < 22.2R3-S3-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 22.3-EVO < 22.3R3-S2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S2-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 22.4-EVO < 22.4R3-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-EVO"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS Evolved
Search vendor "Juniper Networks" for product "Junos OS Evolved"
 >= 23.2-EVO < 23.2R2-EVO
Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO"
en
Affected