PT-2024-1107 · Juniper Networks · Junos
Published
2024-01-10
·
Updated
2024-01-26
·
CVE-2024-21617
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS 20.4 versions 20.4R3-S7 and later
Juniper Networks Junos OS 21.2 versions earlier than 21.2R3-S5
Juniper Networks Junos OS 21.3 versions earlier than 21.3R3-S4
Juniper Networks Junos OS 21.4 versions earlier than 21.4R3-S4
Juniper Networks Junos OS 22.1 versions earlier than 22.1R3-S2
Juniper Networks Junos OS 22.2 versions earlier than 22.2R3-S2
Juniper Networks Junos OS 22.3 versions earlier than 22.3R2-S1 and 22.3R3 (the first fixed builds of the R2 and R3 trains)
Juniper Networks Junos OS 22.4 versions earlier than 22.4R1-S2 and 22.4R2 (the first fixed builds of the R1 and R2 trains)
Junos OS versions earlier than 20.4R3-S7 are not affected. Within each listed release train, every version from that train's first release up to, but not including, the fixed build is affected; for the 20.4 train only the start of the affected range, 20.4R3-S7, is given here.
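Turning the ranges above into a check is fiddly because Junos release strings carry a release (R) number, an optional service (-S) number and an optional build suffix, and because two trains (22.3 and 22.4) have two fixed builds each. The following is an added example, not Juniper's tooling and not part of the original advisory, that parses Junos version strings and reports whether a version falls inside the affected ranges listed on this page. It assumes the grammar MM.mR<n>[-S<n>][.<build>] for version strings and the convention that a build is fixed when it is at or above the fix in its own R train or in a later R train; the 20.4 train is reported as affected from 20.4R3-S7 onward because no fixed 20.4 build is given above. Trains the page does not name (21.1, 23.x and later) are reported as "not listed" rather than guessed at.

```python
"""Version check for CVE-2024-21617 against the affected ranges on this page.
Added example; not Juniper's code. Assumes Junos release strings of the form
MM.mR<n>[-S<n>][.<build>], e.g. 21.4R3-S4 or 22.3R2-S1.2.
"""
import re
from typing import Dict, List, NamedTuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the R number
    service: int   # the -S number, 0 when absent
    build: int     # the trailing .N build, 0 when absent

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_version(text: str) -> JunosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    # Tuple order (major, minor, R, S, build) gives the right sort order for free.
    return JunosVersion(*(int(g) if g else 0 for g in m.groups()))


# Fixed releases per train, taken from the Recommendations section of this page.
FIXED: Dict[str, List[str]] = {
    "21.2": ["21.2R3-S5"],
    "21.3": ["21.3R3-S4"],
    "21.4": ["21.4R3-S4"],
    "22.1": ["22.1R3-S2"],
    "22.2": ["22.2R3-S2"],
    "22.3": ["22.3R2-S1", "22.3R3"],
    "22.4": ["22.4R1-S2", "22.4R2"],
}
# Nothing earlier than this release is affected.
FIRST_AFFECTED = parse_version("20.4R3-S7")


def status(version_text: str) -> str:
    """Return 'not affected', 'affected', 'fixed', or 'not listed'."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not affected"
    if v.train == FIRST_AFFECTED.train:
        # The page gives the start of the 20.4 range but no fixed 20.4 build,
        # so every 20.4R3-S7 and later release is reported as affected here.
        return "affected"
    fixes = [parse_version(f) for f in FIXED.get(v.train, [])]
    if not fixes:
        return "not listed"   # train not named on this page (e.g. 21.1, 23.x)
    # Assumed reading of Juniper's "earlier than 22.3R2-S1, 22.3R3" wording:
    # a build is fixed when it is at or above the fix in its own R train, or
    # sits in an R train later than any listed fix. Everything else is affected.
    if v.release > max(f.release for f in fixes):
        return "fixed"
    if any(v.release == f.release and v >= f for f in fixes):
        return "fixed"
    return "affected"


if __name__ == "__main__":
    for candidate in ["20.4R3-S6", "20.4R3-S7", "21.2R3-S4", "21.2R3-S5",
                      "22.3R2", "22.3R2-S1", "22.3R3", "22.4R1-S1", "23.2R1"]:
        print(f"{candidate:<12} {status(candidate)}")
```

Feed it the output of show version (the "Junos:" line) from each device in an inventory; anything reported "affected" should be scheduled for upgrade, and anything "not listed" checked against the vendor advisory rather than assumed safe.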
Description
An Incomplete Cleanup vulnerability in the Nonstop Active Routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). When NSR is enabled, each BGP session flap leaks memory that is never released, so an attacker able to make one of the device's BGP sessions flap repeatedly can steadily consume Routing Engine memory until the device no longer provides service. Only a manual reboot of the system restores service. Memory usage can be monitored with the commands show chassis routing-engine no-forwarding and show system memory | no-more.
Recommendations
For Juniper Networks Junos OS version 21.2, update to version 21.2R3-S5 or later.
For Juniper Networks Junos OS version 21.3, update to version 21.3R3-S4 or later.
For Juniper Networks Junos OS version 21.4, update to version 21.4R3-S4 or later.
For Juniper Networks Junos OS version 22.1, update to version 22.1R3-S2 or later.
For Juniper Networks Junos OS version 22.2, update to version 22.2R3-S2 or later.
For Juniper Networks Junos OS version 22.3, update to version 22.3R2-S1, 22.3R3, or later.
For Juniper Networks Junos OS version 22.4, update to version 22.4R1-S2, 22.4R2, or later.
For Juniper Networks Junos OS version 20.4 (20.4R3-S7 and later), no fixed release is given above; consult Juniper's advisory for the fixed build in that train.
Until the device can be upgraded, consider disabling NSR, since the leak is only triggered when NSR is enabled; weigh this against the loss of hitless Routing Engine switchover that NSR provides. Reduce an attacker's ability to induce BGP session flaps by peering only with trusted neighbors, authenticating BGP sessions, and filtering access to TCP port 179 on the Routing Engine. Monitor memory usage regularly with the commands above so that a leak is caught before memory is exhausted; a reboot clears the leaked memory.
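The monitoring advice above is only useful if someone can tell a slow leak from normal fluctuation. The following is an added example, not Juniper tooling and not part of the original advisory, that reads free memory from periodic show system memory snapshots, counts BGP session flaps from rpd's RPD_BGP_NEIGHBOR_STATE_CHANGED syslog messages, and flags the pattern this advisory describes: free memory that only ever falls, with the loss growing in step with the number of flaps. The sample command output and log lines are constructed for the example (the peer address and AS are documentation values), and the 1024 KB per-flap threshold is an arbitrary assumption to tune per platform.

```python
"""Detect the NSR/BGP-flap memory leak described above from data an operator
already has: periodic `show system memory | no-more` snapshots and rpd's BGP
state-change syslog messages. Added example, not Juniper tooling; all sample
output and log lines below are constructed for the example.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Any, Dict, List

# Matches the "Free memory:  1235812 Kbytes ( 59%)" line of `show system memory`.
_FREE_RE = re.compile(r"Free memory:\s+(\d+)\s+Kbytes")
# rpd logs this message on every BGP session transition; leaving Established is a flap.
_BGP_RE = re.compile(
    r"RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer (\S+) .*changed state from (\w+) to (\w+)"
)


@dataclass
class MemorySample:
    taken_at: datetime
    free_kbytes: int


def parse_free_memory(taken_at: datetime, show_system_memory: str) -> MemorySample:
    m = _FREE_RE.search(show_system_memory)
    if not m:
        raise ValueError("no 'Free memory' line in show system memory output")
    return MemorySample(taken_at, int(m.group(1)))


def count_bgp_flaps(syslog_lines: List[str]) -> int:
    """Count transitions out of Established; each one is a flap that leaks."""
    flaps = 0
    for line in syslog_lines:
        m = _BGP_RE.search(line)
        if m and m.group(2) == "Established":
            flaps += 1
    return flaps


def analyze(samples: List[MemorySample], syslog_lines: List[str],
            min_loss_per_flap_kbytes: int = 1024) -> Dict[str, Any]:
    """Flag the advisory's pattern: free memory that never recovers across the
    window, with the total loss scaling with the number of flaps. A one-off
    drop with no flaps, or memory that climbs back, is not flagged."""
    ordered = sorted(samples, key=lambda s: s.taken_at)
    frees = [s.free_kbytes for s in ordered]
    monotonic_decline = all(later <= earlier for earlier, later in zip(frees, frees[1:]))
    lost = frees[0] - frees[-1]
    flaps = count_bgp_flaps(syslog_lines)
    per_flap = lost // flaps if flaps else 0
    return {
        "samples": len(frees),
        "flaps": flaps,
        "lost_kbytes": lost,
        "per_flap_kbytes": per_flap,
        "monotonic_decline": monotonic_decline,
        "suspicious": flaps > 0 and monotonic_decline and per_flap >= min_loss_per_flap_kbytes,
    }


def _snapshot(free_kbytes: int) -> str:
    """Constructed `show system memory` excerpt with the given free-memory value."""
    return (
        "System memory usage distribution:\n"
        "        Total memory:  2064924 Kbytes (100%)\n"
        f"         Free memory:  {free_kbytes} Kbytes ( 59%)\n"
    )


_T0 = datetime(2024, 1, 10, 9, 0, 0)
# Constructed: four snapshots five minutes apart, free memory never recovering.
SAMPLES = [parse_free_memory(_T0 + timedelta(minutes=5 * i), _snapshot(free))
           for i, free in enumerate([1235812, 1230700, 1225650, 1220500])]

# Constructed syslog lines in rpd's format: three session drops, each re-established.
_PEER = "BGP peer 192.0.2.1 (External AS 64496)"
SYSLOG: List[str] = []
for _i in range(3):
    _stamp = f"Jan 10 09:{1 + 5 * _i:02d}"
    SYSLOG.append(f"{_stamp}:12 re0 rpd[2110]: RPD_BGP_NEIGHBOR_STATE_CHANGED: {_PEER} "
                  "changed state from Established to Idle (event RecvNotify) (instance master)")
    SYSLOG.append(f"{_stamp}:41 re0 rpd[2110]: RPD_BGP_NEIGHBOR_STATE_CHANGED: {_PEER} "
                  "changed state from OpenConfirm to Established (event RecvKeepAlive) (instance master)")

if __name__ == "__main__":
    print(analyze(SAMPLES, SYSLOG))
```

In practice the snapshots would come from a scheduled collection (for example via NETCONF or an event script) and the syslog lines from the device's log export; a positive result on a device with NSR enabled and an affected version is the cue to plan the upgrade, or a controlled reboot, before free memory runs out.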
Fix
Upgrade to a fixed release listed under Recommendations.
Impact
DoS
Weakness Enumeration
Incomplete Cleanup (CWE-459)
Related Identifiers
CVE-2024-21617
Affected Products
Junos