PT-2024-7132 · Juniper Networks · Junos
Published
2024-09-25
·
Updated
2026-01-26
·
CVE-2024-47493
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:Green |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 21.2R3-S7
Junos OS versions from 21.4 before 21.4R3-S6
Junos OS versions from 22.1 before 22.1R3-S5
Junos OS versions from 22.2 before 22.2R3-S3
Junos OS versions from 22.3 before 22.3R3-S2
Junos OS versions from 22.4 before 22.4R3
Junos OS versions from 23.2 before 23.2R2
Junos OS versions from 23.4 before 23.4R2
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash. The issue can be checked using the CLI command
show chassis fpc.Recommendations
Update to Junos OS version 21.2R3-S7 or later for versions prior to 21.2R3-S7
Update to Junos OS version 21.4R3-S6 or later for versions from 21.4 before 21.4R3-S6
Update to Junos OS version 22.1R3-S5 or later for versions from 22.1 before 22.1R3-S5
Update to Junos OS version 22.2R3-S3 or later for versions from 22.2 before 22.2R3-S3
Update to Junos OS version 22.3R3-S2 or later for versions from 22.3 before 22.3R3-S2
Update to Junos OS version 22.4R3 or later for versions from 22.4 before 22.4R3
Update to Junos OS version 23.2R2 or later for versions from 23.2 before 23.2R2
Update to Junos OS version 23.4R2 or later for versions from 23.4 before 23.4R2
Fix
DoS
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos