PT-2024-28521 · Juniper Networks · Junos

Published: 2024-07-10 · Updated: 2024-07-11 · CVE-2024-39539

CVSS v4.0: 6.0 (Medium)

Vector: AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Junos OS on MX Series versions prior to 21.2R3-S6
Junos OS on MX Series version 21.4 prior to 21.4R3-S6
Junos OS on MX Series version 22.1 prior to 22.1R3-S5
Junos OS on MX Series version 22.2 prior to 22.2R3-S3
Junos OS on MX Series version 22.3 prior to 22.3R3-S2
Junos OS on MX Series version 22.4 prior to 22.4R3
Junos OS on MX Series version 23.2 prior to 23.2R2

Description

A Missing Release of Memory after Effective Lifetime issue allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.

Recommendations

For versions prior to 21.2R3-S6, update to 21.2R3-S6 or later.
For version 21.4 prior to 21.4R3-S6, update to 21.4R3-S6 or later.
For version 22.1 prior to 22.1R3-S5, update to 22.1R3-S5 or later.
For version 22.2 prior to 22.2R3-S3, update to 22.2R3-S3 or later.
For version 22.3 prior to 22.3R3-S2, update to 22.3R3-S2 or later.
For version 22.4 prior to 22.4R3, update to 22.4R3 or later.
For version 23.2 prior to 23.2R2, update to 23.2R2 or later.

Fix

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-06849
CVE-2024-39539

Affected Products

Junos