CVE-2024-39549

HIGH EPSS 37.0%

Published Jul 11, 20241y ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Jul 11, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by: user@host> show system memory or show system monitor memory status This issue affects: Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

37.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-401

Affected Products 144

Vendor	Product	Version	Range
juniper	junos	*	≤21.1
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.2	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	21.4	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.2	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.3	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos_os_evolved	*	≤21.1
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.2	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	21.4	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.2	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.3	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any

References 1

supportportal.juniper.net https://supportportal.juniper.net/JSA83011

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.