CVE-2024-47493

high

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash. Below CLI command can be used to check the memory usage over a period of time: user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 43 41 2 2048 49 14 1 Online 43 41 2 2048 49 14 2 Online 43 41 2 2048 49 14 This issue affects Junos OS on MX Series: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2.

References

https://www.juniper.net/documentation/us/en/software/junos/interfaces-link-multilink/topics/topic-map/link-multilink-services-understanding.html#id-multilink-interfaces-on-channelized-mics-overview

https://supportportal.juniper.net/

Details

Source: Mitre, NVD

Published: 2024-10-11

Updated: 2024-11-08

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Severity: High