PT-2024-1135 · Juniper Networks · Junos

Published 2024-01-10 · Updated 2024-01-19 · CVE-2024-21587

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on MX Series:
- versions prior to 20.4R3-S9
- 21.2 versions prior to 21.2R3-S7
- 21.3 versions prior to 21.3R3-S5
- 21.4 versions prior to 21.4R3-S5
- 22.1 versions prior to 22.1R3-S4
- 22.2 versions prior to 22.2R3-S3
- 22.3 versions prior to 22.3R3-S2
- 22.4 versions prior to 22.4R2-S2, 22.4R3
- 23.2 versions prior to 23.2R1-S1, 23.2R2
Description

The issue is an Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series. An attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions can cause a slow memory leak, ultimately leading to a Denial of Service (DoS). The leaked memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled; systems without BFD liveness detection enabled are not vulnerable. The issue can be detected by periodically executing the 'show system processes extensive' command, whose output will show a steady increase in memory allocation for bbe-smgd.
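The detection indicator above (repeated 'show system processes extensive' snapshots showing bbe-smgd memory growing) can be turned into a simple trend check. The following is an added example, not code from Positive Technologies or Juniper. It assumes the command prints a FreeBSD top-style table (PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND) with the process name in the last column; the snapshots embedded below are constructed for the example, not captured from a real device.

```python
"""Track bbe-smgd resident memory across repeated snapshots of
'show system processes extensive' and flag steady growth.

Assumption (not stated in the advisory): the command prints a
FreeBSD top-style table with a RES column and the process name in
the last column.  The snapshots below are constructed for this example.
"""
import re
from typing import List, Optional

# Assumed column layout: PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
_PROC_LINE = re.compile(
    r"^\s*(?P<pid>\d+)\s+\S+\s+\d+\s+\S+\s+\S+\s+(?P<size>\S+)\s+(?P<res>\S+)"
    r"\s+\S+\s+\d+\s+\S+\s+\S+\s+(?P<cmd>\S+)\s*$"
)

_UNITS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_mem(token: str) -> int:
    """Convert a top-style size token such as '812M' or '45360K' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG])?", token)
    if not m:
        raise ValueError(f"unrecognised size token: {token!r}")
    value, unit = m.groups()
    return int(value) * _UNITS.get(unit, 1)


def process_rss(snapshot: str, process: str = "bbe-smgd") -> Optional[int]:
    """Return the resident set size (bytes) of `process` in one snapshot, or None."""
    for line in snapshot.splitlines():
        m = _PROC_LINE.match(line)
        if m and m.group("cmd") == process:
            return parse_mem(m.group("res"))
    return None


def steady_growth(rss_samples: List[Optional[int]], min_total_growth: int) -> bool:
    """True when RSS never decreases across the samples and the total growth
    reaches the threshold.  A slow leak shows as monotonic growth that only
    a restart of bbe-smgd resets, which is the recovery the advisory describes."""
    vals = [v for v in rss_samples if v is not None]
    if len(vals) < 3:
        return False  # too few samples to call a trend
    monotonic = all(b >= a for a, b in zip(vals, vals[1:]))
    return monotonic and (vals[-1] - vals[0]) >= min_total_growth


def check_snapshots(snapshots: List[str], min_total_growth: int = 10 * 1024 ** 2) -> bool:
    """Run the trend check over a series of command outputs taken over time."""
    return steady_growth([process_rss(s) for s in snapshots], min_total_growth)


# Constructed sample output: three snapshots where bbe-smgd RES keeps climbing.
_HEADER = "  PID USERNAME  THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND\n"
LEAKING_SNAPSHOTS = [
    _HEADER + " 5678 root        1  20    0  1245M   812M select  0  12:34  0.00% bbe-smgd\n"
              " 1234 root        1  20    0   123M    45M select  1   1:02  0.00% mgd\n",
    _HEADER + " 5678 root        1  20    0  1251M   818M select  0  12:41  0.00% bbe-smgd\n"
              " 1234 root        1  20    0   123M    45M select  1   1:02  0.00% mgd\n",
    _HEADER + " 5678 root        1  20    0  1258M   825M select  0  12:49  0.00% bbe-smgd\n"
              " 1234 root        1  20    0   123M    45M select  1   1:02  0.00% mgd\n",
]

# Constructed control: memory flat, so no alert should fire.
STABLE_SNAPSHOTS = [
    _HEADER + " 5678 root        1  20    0  1245M   812M select  0  12:34  0.00% bbe-smgd\n",
    _HEADER + " 5678 root        1  20    0  1245M   812M select  0  12:41  0.00% bbe-smgd\n",
    _HEADER + " 5678 root        1  20    0  1245M   811M select  0  12:49  0.00% bbe-smgd\n",
]

if __name__ == "__main__":
    print("leaking series flagged:", check_snapshots(LEAKING_SNAPSHOTS))
    print("stable series flagged: ", check_snapshots(STABLE_SNAPSHOTS))
```

In practice the snapshots would be collected on a schedule (for example via NETCONF or a scheduled CLI session) and the threshold tuned to the platform's normal bbe-smgd footprint; a sustained monotonic rise on a box with BFD liveness detection for DHCP subscribers enabled is the condition this advisory describes.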
Recommendations

- For versions prior to 20.4R3-S9, update to version 20.4R3-S9 or later.
- For version 21.2, update to version 21.2R3-S7 or later.
- For version 21.3, update to version 21.3R3-S5 or later.
- For version 21.4, update to version 21.4R3-S5 or later.
- For version 22.1, update to version 22.1R3-S4 or later.
- For version 22.2, update to version 22.2R3-S3 or later.
- For version 22.3, update to version 22.3R3-S2 or later.
- For version 22.4, update to version 22.4R2-S2, 22.4R3 or later.
- For version 23.2, update to version 23.2R1-S1, 23.2R2 or later.

As a temporary workaround, consider restarting bbe-smgd manually to recover memory.
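The affected-version list and the fixed releases above can be encoded as a lookup so that an inventory of MX Series routers can be checked mechanically. This is an added example, not code from the advisory's publisher or from Juniper. The fixed-release table is copied from the text above; the version parsing (major.minor, R-number, optional -S service-release number, optional point suffix) follows the customary Junos release numbering and is an assumption of this example. Release trains the advisory does not mention (such as 21.1) are reported as unknown rather than guessed.

```python
"""Decide whether a Junos OS release on MX Series falls inside the affected
ranges listed in this advisory for CVE-2024-21587.

The FIXED table is taken from the advisory text.  The version format
major.minorR<n>[.<point>][-S<m>] is the customary Junos numbering and is
an assumption of this example, not something the advisory spells out.
"""
import re
from typing import Dict, Optional, Tuple

# First fixed (R, S) pair per release train.  A higher R number on the
# same train is also fixed (e.g. 22.4R3 alongside 22.4R2-S2).
FIXED: Dict[Tuple[int, int], Tuple[int, int]] = {
    (20, 4): (3, 9),   # 20.4R3-S9
    (21, 2): (3, 7),   # 21.2R3-S7
    (21, 3): (3, 5),   # 21.3R3-S5
    (21, 4): (3, 5),   # 21.4R3-S5
    (22, 1): (3, 4),   # 22.1R3-S4
    (22, 2): (3, 3),   # 22.2R3-S3
    (22, 3): (3, 2),   # 22.3R3-S2
    (22, 4): (2, 2),   # 22.4R2-S2 (22.4R3 also fixed)
    (23, 2): (1, 1),   # 23.2R1-S1 (23.2R2 also fixed)
}

# Assumed release-string shape; the optional ".<point>" after R is ignored.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+))?$")


def parse_version(release: str) -> Tuple[int, int, int, int]:
    """Split '21.4R3-S4' into (21, 4, 3, 4); a missing -S counts as S0."""
    m = _VER.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {release!r}")
    major, minor, r, s = m.groups()
    return int(major), int(minor), int(r), int(s or 0)


def is_affected(release: str) -> Optional[bool]:
    """True if the release is in an affected range, False if it is at or
    beyond the fixed release for its train, None if the advisory does not
    list the train at all."""
    major, minor, r, s = parse_version(release)
    train = (major, minor)
    if train < (20, 4):
        # The advisory's first entry reads "versions prior to 20.4R3-S9"
        # with no train qualifier, so every older train is treated as affected.
        return True
    if train not in FIXED:
        return None
    return (r, s) < FIXED[train]


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> 'affected' / 'fixed' / 'unknown' for an inventory of
    hostname -> Junos release strings (constructed values in the demo below)."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    demo = {
        "mx-edge-1": "21.4R3-S4",
        "mx-edge-2": "21.4R3-S5",
        "mx-edge-3": "22.4R3",
        "mx-edge-4": "22.4R2-S1",
        "mx-lab-1": "21.1R3",
    }
    for host, verdict in triage(demo).items():
        print(f"{host}: {demo[host]} -> {verdict}")
```

Note that a "fixed" verdict only means the software is at or past the release this advisory names; a device on an affected release is still only exposed when BFD liveness detection for DHCP subscribers is enabled, so the configuration check belongs alongside the version check.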

Fix · DoS

Weakness Enumeration
Improper Handling of Exceptional Conditions

Related Identifiers
BDU:2024-00448
CVE-2024-21587

Affected Products
Junos