cve-2024-39518
Vulnerability from cvelistv5
Published
2024-07-10 23:07
Modified
2024-08-02 04:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks | Junos OS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2R3-S5",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4R3-S4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2R3",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3R2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4R1",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2R1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:09:55.941009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:42:36.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX240 using MPC10E",
"MX480 using MPC10E",
"MX960 using MPC10E"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2R3-S5",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4R3-S4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2R3",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3R2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4R1",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2R1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eThis issue is only seen when telemetry subscription is active.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThe Heap memory utilization can be monitored using the following command:\u003cbr\u003e\u0026nbsp; \u0026gt; show system processes extensive\u003cbr\u003e\u003cbr\u003eThe following command can be used to monitor the memory utilization of the specific sensor\u003cbr\u003e\u0026nbsp; \u0026gt; show system info | match sensord\u003cbr\u003e\u003cpre\u003e PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\u003cbr\u003e\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\u003c/pre\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.2R3-S5 before 21.2R3-S7,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4R3-S4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2R3 before 22.2R3-S4,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3R2 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4R1 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2R1 before 23.2R2.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\n\nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0\n\nThis issue is only seen when telemetry subscription is active.\n\nThe Heap memory utilization can be monitored using the following command:\n\u00a0 \u003e show system processes extensive\n\nThe following command can be used to monitor the memory utilization of the specific sensor\n\u00a0 \u003e show system info | match sensord\n PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\n\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.2R3-S5 before 21.2R3-S7,\u00a0\n * from 21.4R3-S4 before 21.4R3-S6,\u00a0\n * from 22.2R3 before 22.2R3-S4,\u00a0\n * from 22.3R2 before 22.3R3-S2,\u00a0\n * from 22.4R1 before 22.4R3,\u00a0\n * from 23.2R1 before 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:07:59.646Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82982"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7,\u0026nbsp;21.4R3-S6,\u0026nbsp;22.2R3-S3, 22.2R3-S4,\u0026nbsp;22.3R3-S2,\u0026nbsp;22.4R3,\u0026nbsp;23.2R2, 23.4R1, 23.4R2, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7,\u00a021.4R3-S6,\u00a022.2R3-S3, 22.2R3-S4,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R2, 23.4R1, 23.4R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82982",
"defect": [
"1771284"
],
"discovery": "USER"
},
"title": "Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39518",
"datePublished": "2024-07-10T23:07:59.646Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39518\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-07-10T23:15:11.363\",\"lastModified\":\"2024-07-11T13:05:54.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\\n\\nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0\\n\\nThis issue is only seen when telemetry subscription is active.\\n\\nThe Heap memory utilization can be monitored using the following command:\\n\u00a0 \u003e show system processes extensive\\n\\nThe following command can be used to monitor the memory utilization of the specific sensor\\n\u00a0 \u003e show system info | match sensord\\n PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\\n\\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\\n\\n\\nThis issue affects Junos OS:\u00a0\\n\\n\\n\\n * from 21.2R3-S5 before 21.2R3-S7,\u00a0\\n * from 21.4R3-S4 before 21.4R3-S6,\u00a0\\n * from 22.2R3 before 22.2R3-S4,\u00a0\\n * from 22.3R2 before 22.3R3-S2,\u00a0\\n * from 22.4R1 before 22.4R3,\u00a0\\n * from 23.2R1 before 23.2R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el proceso del sensor de telemetr\u00eda (sensord) de Juniper Networks Junos OS en plataformas MX240, MX480, MX960 que utilizan MPC10E provoca un aumento constante en la utilizaci\u00f3n de la memoria, lo que en \u00faltima instancia conduce a una denegaci\u00f3n de servicio (DoS). Cuando el dispositivo est\u00e1 suscrito a una suscripci\u00f3n espec\u00edfica en Junos Telemetry Interface, se produce una p\u00e9rdida lenta de memoria y, finalmente, se consumen todos los recursos y el dispositivo deja de responder. Ser\u00e1 necesario reiniciar manualmente la tarjeta de l\u00ednea para restaurar el dispositivo a su funcionamiento normal. Este problema solo se ve cuando la suscripci\u00f3n de telemetr\u00eda est\u00e1 activa. La utilizaci\u00f3n de la memoria del mont\u00f3n se puede monitorear usando el siguiente comando: \u0026gt; show system processes extensive El siguiente comando se puede usar para monitorear la utilizaci\u00f3n de la memoria del sensor espec\u00edfico \u0026gt; show system info | match sensord NOMBRE PID MEMORIA PICO DE MEMORIA %CPU N\u00daMERO DE HILOS CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 Este problema afecta a Junos OS: * de 21.2R3-S5 antes de 21.2 R3-S7, * de 21.4R3-S4 antes de 21.4R3-S6, * de 22.2R3 antes de 22.2R3-S4, * de 22.3R2 antes de 22.3R3-S2, * de 22.4R1 antes de 22.4R3, * de 23.2R1 antes de 23.2 R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA82982\",\"source\":\"sirt@juniper.net\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.