CVE-2024-21609
Vulnerability from cvelistv5
Published
2024-04-12 14:55
Modified
2024-08-01 22:27
Summary
Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21609",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-17T17:18:38.989630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T16:41:11.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://supportportal.juniper.net/JSA75750"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series with SPC3",
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S2",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S2, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be exposed to this issue IPsec VPN needs to be configured with a minimal ike configuration:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ security ike gateway ike-policy ]\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ security ipsec vpn ike gateway ]\u003c/p\u003e\u003cp\u003eand the system needs to run iked (vs. kmd which is not affected), which can be verified with:\u003c/p\u003e\u003cp\u003e\u0026nbsp; show system processes extensive | match \"KMD|IKED\"\u003c/p\u003e"
            }
          ],
          "value": "To be exposed to this issue IPsec VPN needs to be configured with a minimal ike configuration:\n\n\u00a0 [ security ike gateway ike-policy ]\n\n\u00a0 [ security ipsec vpn ike gateway ]\n\nand the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\n\u00a0 show system processes extensive | match \"KMD|IKED\""
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart.\u003cbr\u003e\u003cbr\u003eThe iked process memory consumption can be checked using the below command:\u003cbr\u003e\u003ctt\u003e\u0026nbsp; user@host\u0026gt; show system processes extensive | grep iked\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  PID   USERNAME  \u0026nbsp;  PRI  NICE  \u0026nbsp; SIZE  \u0026nbsp; RES  \u0026nbsp; STATE  \u0026nbsp; C   TIME  WCPU COMMAND\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  56903 root  \u0026nbsp; \u0026nbsp; \u0026nbsp;  31  \u0026nbsp; 0  \u0026nbsp; \u0026nbsp; 4016M  2543M   CPU0  \u0026nbsp;  0   2:10  10.50% iked\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS).\n\nIf specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart.\n\nThe iked process memory consumption can be checked using the below command:\n\u00a0 user@host\u003e show system processes extensive | grep iked\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0  PID   USERNAME  \u00a0  PRI  NICE  \u00a0 SIZE  \u00a0 RES  \u00a0 STATE  \u00a0 C   TIME  WCPU COMMAND\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0  56903 root  \u00a0 \u00a0 \u00a0  31  \u00a0 0  \u00a0 \u00a0 4016M  2543M   CPU0  \u00a0  0   2:10  10.50% iked\n\nThis issue affects Juniper Networks Junos OS:\n  *  All versions earlier than 20.4R3-S9;\n  *  21.2 versions earlier than 21.2R3-S7;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S4;\n  *  22.1 versions earlier than 22.1R3-S3;\n  *  22.2 versions earlier than 22.2R3-S2;\n  *  22.3 versions earlier than 22.3R3;\n  *  22.4 versions earlier than 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S2, 23.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:09:32.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://supportportal.juniper.net/JSA75750"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S2, 22.3R3, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S2, 22.3R3, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA75750",
        "defect": [
          "1718199"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhile there is no workaround available, customers can monitor the memory utilization and restart iked periodically to clear the leak.\u003c/p\u003e"
            }
          ],
          "value": "While there is no workaround available, customers can monitor the memory utilization and restart iked periodically to clear the leak."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21609",
    "datePublished": "2024-04-12T14:55:00.663Z",
    "dateReserved": "2023-12-27T19:38:25.708Z",
    "dateUpdated": "2024-08-01T22:27:35.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21609\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-04-12T15:15:23.770\",\"lastModified\":\"2024-05-16T20:15:09.030\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS).\\n\\nIf specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart.\\n\\nThe iked process memory consumption can be checked using the below command:\\n\u00a0 user@host\u003e show system processes extensive | grep iked\\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0  PID   USERNAME  \u00a0  PRI  NICE  \u00a0 SIZE  \u00a0 RES  \u00a0 STATE  \u00a0 C   TIME  WCPU COMMAND\\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0  56903 root  \u00a0 \u00a0 \u00a0  31  \u00a0 0  \u00a0 \u00a0 4016M  2543M   CPU0  \u00a0  0   2:10  10.50% iked\\n\\nThis issue affects Juniper Networks Junos OS:\\n  *  All versions earlier than 20.4R3-S9;\\n  *  21.2 versions earlier than 21.2R3-S7;\\n  *  21.3 versions earlier than 21.3R3-S5;\\n  *  21.4 versions earlier than 21.4R3-S4;\\n  *  22.1 versions earlier than 22.1R3-S3;\\n  *  22.2 versions earlier than 22.2R3-S2;\\n  *  22.3 versions earlier than 22.3R3;\\n  *  22.4 versions earlier than 22.4R3;\\n  *  23.2 versions earlier than 23.2R1-S2, 23.2R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en el daemon IKE (iked) de Juniper Networks Junos OS en la serie MX con SPC3 y la serie SRX permite que un atacante administrativamente adyacente que pueda establecer con \u00e9xito t\u00faneles IPsec provoque una denegaci\u00f3n de servicio ( DoS). Si el par env\u00eda valores espec\u00edficos para los par\u00e1metros IPsec local-ip, remoto-ip, remoto ike-id y selectores de tr\u00e1fico, se produce una p\u00e9rdida de memoria durante cada nueva clave de IPsec SA que se lleva a cabo con una secuencia de mensajes espec\u00edfica. Esto eventualmente resultar\u00e1 en un bloqueo y reinicio del proceso iked. El consumo de memoria del proceso iked se puede verificar usando el siguiente comando: usuario@host\u0026gt; mostrar procesos del sistema extensos | grep iked PID NOMBRE DE USUARIO PRI NICE TAMA\u00d1O RES ESTADO C HORA WCPU COMANDO 56903 root 31 0 4016M 2543M CPU0 0 2:10 10,50% iked Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"http://supportportal.juniper.net/JSA75750\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"sirt@juniper.net\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.