{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39550", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.246Z", "datePublished": "2024-07-11T16:29:03.646Z", "dateUpdated": "2024-08-02T04:26:15.926Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series with SPC3"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "21.2R3", "versionType": "semver"}, {"lessThan": "21.4R3-S6", "status": "affected", "version": "21.4R2", "versionType": "semver"}, {"lessThan": "22.1R3-S5", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S2", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S1", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Next Gen Services </span>can be enabled by using this command: <br><br>user@host> request system enable unified-services<br><br><span style=\"background-color: rgb(255, 255, 255);\">After you enter </span><code>request system enable unified-services</code><span style=\"background-color: rgb(255, 255, 255);\">, reboot the chassis.</span><br><br>"}], "value": "Next Gen Services\u00a0can be enabled by using this command:\u00a0\n\nuser@host> request system enable unified-services\n\nAfter you enter request system enable unified-services, reboot the chassis."}], 
"datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process<span style=\"background-color: rgb(255, 255, 255);\"> of </span>Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps) <span style=\"background-color: var(--wht);\">to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). <br><br>Memory can only be recovered by manually restarting rtlogd process. <br><p>The memory usage can be monitored using the below command.</p><code>\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog <br></code></span><br><p></p><p>This issue affects Junos OS on MX Series with SPC3 line card: </p><p></p><ul><li>from 21.2R3 before 21.2R3-S8, </li><li>from 21.4R2 before 21.4R3-S6, </li><li>from 22.1 before 22.1R3-S5, </li><li>from 22.2 before 22.2R3-S3, </li><li>from 22.3 before 22.3R3-S2, </li><li>from 22.4 before 22.4R3-S1, </li><li>from 23.2 before 23.2R2, </li><li>from 23.4 before 23.4R2.</li></ul>"}], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). 
\n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n * from 21.2R3 before 21.2R3-S8,\u00a0\n * from 21.4R2 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3-S1,\u00a0\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", 
"vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:29:03.646Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA83012"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br> <br>Junos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."}], "source": {"advisory": "JSA83012", "defect": ["1779424"], "discovery": "USER"}, "title": "Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T18:47:29.420589Z", "id": "CVE-2024-39550", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:47:38.416Z"}}, 
{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA83012"}]}]}}