Beware of Memory Leaks in Juniper Networks Junos OS and Junos OS Evolved Routers

CVE: CVE-2024-21611
CVSS v3.1: 7.5
Source: CVE-2024-21611

Juniper Networks routers running Junos OS and Junos OS Evolved are affected by a vulnerability that can allow remote attackers to cause denial of service through memory leaks.

The Routing Protocol Daemon (rpd) in Juniper routers is prone to memory leaks when route updates occur frequently due to changing BGP next hops. This can exhaust the memory allocated to rpd over time. An unauthenticated attacker on the network can trigger such route churn by manipulating BGP routes, leading to a memory leak.

If not addressed, the memory leak will cause rpd to crash, disrupting the routing functions. This can negatively impact network connectivity and availability for users.

Administrators running affected versions of Junos OS and Junos OS Evolved should upgrade to the latest versions to patch this vulnerability. Juniper has released versions 21.4R3, 22.1R3 and 22.2R3, which resolve the memory leak issue in rpd.

It is also recommended to monitor memory utilization of rpd using the “show task memory detail” command to detect any abnormal increases early and take corrective action. Tightening firewall rules to block unnecessary traffic to routing ports can make exploitation more difficult.
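The monitoring advice above can be automated. The following is an added example, not code from Juniper or the advisory. It assumes the operator has already extracted rpd's bytes-in-use from periodic "show task memory detail" output; the sample series are constructed, and the thresholds and the memory limit are illustrative assumptions.

```python
from statistics import mean

MIB = 1024 * 1024
HOUR = 3600

def leak_trend(samples, min_growth_pct=10.0, min_rising_frac=0.8):
    """samples: [(epoch_seconds, rpd_bytes_in_use), ...], oldest first.

    Thresholds are illustrative assumptions; tune them per platform.
    """
    if len(samples) < 4 or samples[0][1] <= 0:
        raise ValueError("need at least 4 samples with a positive baseline")
    ts = [t for t, _ in samples]
    ms = [m for _, m in samples]
    t_bar, m_bar = mean(ts), mean(ms)
    var = sum((t - t_bar) ** 2 for t in ts)
    if var == 0:
        raise ValueError("samples must span more than one timestamp")
    # Least-squares slope: average growth rate across the whole window.
    slope = sum((t - t_bar) * (m - m_bar) for t, m in samples) / var * HOUR
    # Fraction of intervals where memory went up. Normal churn allocates
    # and frees, so it oscillates; a leak rises almost every interval.
    rising = sum(b > a for a, b in zip(ms, ms[1:])) / (len(ms) - 1)
    growth_pct = 100.0 * (ms[-1] - ms[0]) / ms[0]
    suspected = (slope > 0 and growth_pct >= min_growth_pct
                 and rising >= min_rising_frac)
    return {"slope_bytes_per_hour": slope, "growth_pct": growth_pct,
            "rising_frac": rising, "leak_suspected": suspected}

def hours_to_limit(samples, limit_bytes):
    """Projected hours until limit_bytes (operator-supplied) is reached."""
    slope = leak_trend(samples)["slope_bytes_per_hour"]
    if slope <= 0:
        return None
    return max(0.0, (limit_bytes - samples[-1][1]) / slope)

# Constructed hourly samples (MiB), not taken from a real router.
LEAKING = [(i * HOUR, v * MIB) for i, v in
           enumerate([500, 521, 539, 561, 580, 602])]
STEADY = [(i * HOUR, v * MIB) for i, v in
          enumerate([500, 512, 498, 507, 495, 503])]

if __name__ == "__main__":
    for name, series in (("leaking", LEAKING), ("steady", STEADY)):
        r = leak_trend(series)
        print(name, r["leak_suspected"], round(r["slope_bytes_per_hour"] / MIB, 1))
    print("hours to 1 GiB:", hours_to_limit(LEAKING, 1024 * MIB))
```

Requiring both overall growth and a high fraction of rising intervals keeps a single spike during a large route update from raising an alert.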
