{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39550", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.246Z", "datePublished": "2024-07-11T16:29:03.646Z", "dateUpdated": "2024-08-02T04:26:15.926Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series with SPC3"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "21.2R3", "versionType": "semver"}, {"lessThan": "21.4R3-S6", "status": "affected", "version": "21.4R2", "versionType": "semver"}, {"lessThan": "22.1R3-S5", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S2", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S1", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Next Gen Services&nbsp;</span>can be enabled by using this command:&nbsp;<br><br>user@host&gt; request system enable unified-services<br><br><span style=\"background-color: rgb(255, 255, 255);\">After you enter </span><code>request system enable unified-services</code><span style=\"background-color: rgb(255, 255, 255);\">, reboot the chassis.</span><br><br>"}], "value": "Next Gen Services\u00a0can be enabled by using this command:\u00a0\n\nuser@host> request system enable unified-services\n\nAfter you enter request system enable unified-services, reboot the chassis."}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;of </span>Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)&nbsp;<span style=\"background-color: var(--wht);\">to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). <br><br>Memory can only be recovered by manually restarting rtlogd process.&nbsp;<br><p>The memory usage can be monitored using the below command.</p><code>\u2003\u2003\u2003\u2003user@host&gt; show system processes extensive | match rtlog&nbsp;<br></code></span><br><p></p><p>This issue affects Junos OS on MX Series with SPC3 line card:&nbsp;</p><p></p><ul><li>from 21.2R3 before 21.2R3-S8,&nbsp;</li><li>from 21.4R2 before 21.4R3-S6,&nbsp;</li><li>from 22.1 before 22.1R3-S5,&nbsp;</li><li>from 22.2 before 22.2R3-S3,&nbsp;</li><li>from 22.3 before 22.3R3-S2,&nbsp;</li><li>from 22.4 before 22.4R3-S1,&nbsp;</li><li>from 23.2 before 23.2R2,&nbsp;</li><li>from 23.4 before 23.4R2.</li></ul>"}], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n  *  from 21.2R3 before 21.2R3-S8,\u00a0\n  *  from 21.4R2 before 21.4R3-S6,\u00a0\n  *  from 22.1 before 22.1R3-S5,\u00a0\n  *  from 22.2 before 22.2R3-S3,\u00a0\n  *  from 22.3 before 22.3R3-S2,\u00a0\n  *  from 22.4 before 22.4R3-S1,\u00a0\n  *  from 23.2 before 23.2R2,\u00a0\n  *  from 23.4 before 23.4R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:29:03.646Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA83012"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br> <br>Junos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."}], "source": {"advisory": "JSA83012", "defect": ["1779424"], "discovery": "USER"}, "title": "Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T18:47:29.420589Z", "id": "CVE-2024-39550", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:47:38.416Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA83012"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39550", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T18:47:29.420589Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:47:35.687Z"}}], "cna": {"title": "Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service", "source": {"defect": ["1779424"], "advisory": "JSA83012", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:U", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "21.2R3", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4R2", "lessThan": "21.4R3-S6", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S2", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S1", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2", "versionType": "semver"}], "platforms": ["MX Series with SPC3"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br> <br>Junos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA83012", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n  *  from 21.2R3 before 21.2R3-S8,\u00a0\n  *  from 21.4R2 before 21.4R3-S6,\u00a0\n  *  from 22.1 before 22.1R3-S5,\u00a0\n  *  from 22.2 before 22.2R3-S3,\u00a0\n  *  from 22.3 before 22.3R3-S2,\u00a0\n  *  from 22.4 before 22.4R3-S1,\u00a0\n  *  from 23.2 before 23.2R2,\u00a0\n  *  from 23.4 before 23.4R2.", "supportingMedia": [{"type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;of </span>Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)&nbsp;<span style=\"background-color: var(--wht);\">to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). <br><br>Memory can only be recovered by manually restarting rtlogd process.&nbsp;<br><p>The memory usage can be monitored using the below command.</p><code>\u2003\u2003\u2003\u2003user@host&gt; show system processes extensive | match rtlog&nbsp;<br></code></span><br><p></p><p>This issue affects Junos OS on MX Series with SPC3 line card:&nbsp;</p><p></p><ul><li>from 21.2R3 before 21.2R3-S8,&nbsp;</li><li>from 21.4R2 before 21.4R3-S6,&nbsp;</li><li>from 22.1 before 22.1R3-S5,&nbsp;</li><li>from 22.2 before 22.2R3-S3,&nbsp;</li><li>from 22.3 before 22.3R3-S2,&nbsp;</li><li>from 22.4 before 22.4R3-S1,&nbsp;</li><li>from 23.2 before 23.2R2,&nbsp;</li><li>from 23.4 before 23.4R2.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "configurations": [{"lang": "en", "value": "Next Gen Services\u00a0can be enabled by using this command:\u00a0\n\nuser@host> request system enable unified-services\n\nAfter you enter request system enable unified-services, reboot the chassis.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Next Gen Services&nbsp;</span>can be enabled by using this command:&nbsp;<br><br>user@host&gt; request system enable unified-services<br><br><span style=\"background-color: rgb(255, 255, 255);\">After you enter </span><code>request system enable unified-services</code><span style=\"background-color: rgb(255, 255, 255);\">, reboot the chassis.</span><br><br>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:29:03.646Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39550", "state": "PUBLISHED", "dateUpdated": "2024-07-11T18:47:38.416Z", "dateReserved": "2024-06-25T15:12:53.246Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:29:03.646Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host> show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n  *  from 21.2R3 before 21.2R3-S8,\u00a0\n  *  from 21.4R2 before 21.4R3-S6,\u00a0\n  *  from 22.1 before 22.1R3-S5,\u00a0\n  *  from 22.2 before 22.2R3-S3,\u00a0\n  *  from 22.3 before 22.3R3-S2,\u00a0\n  *  from 22.4 before 22.4R3-S1,\u00a0\n  *  from 23.2 before 23.2R2,\u00a0\n  *  from 23.4 before 23.4R2."}, {"lang": "es", "value": "Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en el proceso rtlogd de Juniper Networks Junos OS en la serie MX con SPC3 permite que un atacante adyacente no autenticado desencadene una causa de eventos internos (que se puede lograr mediante solapas repetidas de puertos) para causar una p\u00e9rdida de memoria lenta. , lo que en \u00faltima instancia conduce a una denegaci\u00f3n de servicio (DoS). La memoria s\u00f3lo se puede recuperar reiniciando manualmente el proceso rtlogd. El uso de la memoria se puede monitorear usando el siguiente comando.     usuario@host> show system processes extensive | match rtlog Este problema afecta a Junos OS en la serie MX con tarjeta de l\u00ednea SPC3: * desde 21.2R3 antes de 21.2R3-S8, * desde 21.4R2 antes de 21.4R3-S6, * desde 22.1 antes de 22.1R3-S5, * desde 22.2 antes de 22.2R3 -S3, * de 22.3 antes de 22.3R3-S2, * de 22.4 antes de 22.4R3-S1, * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R2."}], "id": "CVE-2024-39550", "lastModified": "2024-11-21T09:27:59.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T17:15:15.900", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA83012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportportal.juniper.net/JSA83012"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}