CVE-2024-21587
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-21587 is an Improper Handling of Exceptional Conditions vulnerability impacting Juniper Networks Junos OS on MX Series. Directly connected attackers can cause a Denial of Service (DoS) by manipulating DHCP subscriber sessions, resulting in a memory leak that ultimately leads to memory starvation. This issue only occurs when BFD liveness detection for DHCP subscribers is enabled. Memory leaks are indicated through an increase in bbe-smgd memory allocation over time as observed in the 'show system processes extensive' command. Affected versions include all releases earlier than 20.4R3-S9, 21.2 versions prior to 21.2R3-S7, 21.3 versions before 21.3R3-S5, 21.4 versions before 21.4R3-S5, 22.1 versions before 22.1R3-S4, 22.2 versions before 22.2R3-S3, 22.3 versions before 22.3R3-S2, and 22.4 versions before 22.4R2-S2 and 22.4R3.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Juniper Junos
Affected Vendors
- Juniper Networks
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions