What is the severity of CVE-2024-21617?

CVE-2024-21617 is classified as having a high severity due to its ability to cause a Denial of Service (DoS).

How do I fix CVE-2024-21617?

To mitigate CVE-2024-21617, upgrade to the latest patched version of Junos OS as recommended by Juniper Networks.

Which versions of Junos OS are affected by CVE-2024-21617?

CVE-2024-21617 affects multiple versions of Junos OS, including 21.2, 21.3, 21.4, 22.1, 22.2, and 22.3.

Can CVE-2024-21617 be exploited remotely?

Yes, CVE-2024-21617 can be exploited by an adjacent, unauthenticated attacker.

What impact does CVE-2024-21617 have on system performance?

CVE-2024-21617 can lead to a memory leak which significantly degrades system performance and may cause a Denial of Service.

Vulnerability/
CVE-2024-21617

medium

6.5

CWE

459

EPSS

0.049%

12/1/2024

26/1/2024

CVE-2024-21617: Junos OS: BGP flap on NSR-enabled devices causes memory leak

First published: Fri Jan 12 2024(Updated: )

An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	=21.2
Juniper Junos	=21.2-r1
Juniper Junos	=21.2-r1-s1
Juniper Junos	=21.2-r1-s2
Juniper Junos	=21.2-r2
Juniper Junos	=21.2-r2-s1
Juniper Junos	=21.2-r2-s2
Juniper Junos	=21.2-r3
Juniper Junos	=21.2-r3-s1
Juniper Junos	=21.2-r3-s2
Juniper Junos	=21.2-r3-s3
Juniper Junos	=21.2-r3-s4
Juniper Junos	=21.3
Juniper Junos	=21.3-r1
Juniper Junos	=21.3-r1-s1
Juniper Junos	=21.3-r1-s2
Juniper Junos	=21.3-r2
Juniper Junos	=21.3-r2-s1
Juniper Junos	=21.3-r2-s2
Juniper Junos	=21.3-r3
Juniper Junos	=21.3-r3-s1
Juniper Junos	=21.3-r3-s2
Juniper Junos	=21.3-r3-s3
Juniper Junos	=21.4
Juniper Junos	=21.4-r1
Juniper Junos	=21.4-r1-s1
Juniper Junos	=21.4-r1-s2
Juniper Junos	=21.4-r2
Juniper Junos	=21.4-r2-s1
Juniper Junos	=21.4-r2-s2
Juniper Junos	=21.4-r3
Juniper Junos	=21.4-r3-s1
Juniper Junos	=21.4-r3-s2
Juniper Junos	=21.4-r3-s3
Juniper Junos	=22.1
Juniper Junos	=22.1-r1
Juniper Junos	=22.1-r1-s1
Juniper Junos	=22.1-r1-s2
Juniper Junos	=22.1-r2
Juniper Junos	=22.1-r2-s1
Juniper Junos	=22.1-r2-s2
Juniper Junos	=22.1-r3
Juniper Junos	=22.1-r3-s1
Juniper Junos	=22.2
Juniper Junos	=22.2-r1
Juniper Junos	=22.2-r1-s1
Juniper Junos	=22.2-r1-s2
Juniper Junos	=22.2-r2
Juniper Junos	=22.2-r2-s1
Juniper Junos	=22.2-r2-s2
Juniper Junos	=22.2-r3
Juniper Junos	=22.2-r3-s1
Juniper Junos	=22.3
Juniper Junos	=22.3-r1
Juniper Junos	=22.3-r1-s1
Juniper Junos	=22.3-r1-s2
Juniper Junos	=22.3-r2
Juniper Junos	=22.4
Juniper Junos	=22.4-r1
Juniper Junos	=22.4-r1-s1

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-21617?
CVE-2024-21617 is classified as having a high severity due to its ability to cause a Denial of Service (DoS).
How do I fix CVE-2024-21617?
To mitigate CVE-2024-21617, upgrade to the latest patched version of Junos OS as recommended by Juniper Networks.
Which versions of Junos OS are affected by CVE-2024-21617?
CVE-2024-21617 affects multiple versions of Junos OS, including 21.2, 21.3, 21.4, 22.1, 22.2, and 22.3.
Can CVE-2024-21617 be exploited remotely?
Yes, CVE-2024-21617 can be exploited by an adjacent, unauthenticated attacker.
What impact does CVE-2024-21617 have on system performance?
CVE-2024-21617 can lead to a memory leak which significantly degrades system performance and may cause a Denial of Service.

agent/remedy
agent/weakness
agent/severity
agent/references
agent/title
agent/author
agent/type
agent/first-publish-date
agent/softwarecombine
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/juniper
canonical/juniper junos
version/juniper junos/21.2
version/juniper junos/21.2-r1
version/juniper junos/21.2-r1-s1
version/juniper junos/21.2-r1-s2
version/juniper junos/21.2-r2
version/juniper junos/21.2-r2-s1
version/juniper junos/21.2-r2-s2
version/juniper junos/21.2-r3
version/juniper junos/21.2-r3-s1
version/juniper junos/21.2-r3-s2
version/juniper junos/21.2-r3-s3
version/juniper junos/21.2-r3-s4
version/juniper junos/21.3
version/juniper junos/21.3-r1
version/juniper junos/21.3-r1-s1
version/juniper junos/21.3-r1-s2
version/juniper junos/21.3-r2
version/juniper junos/21.3-r2-s1
version/juniper junos/21.3-r2-s2
version/juniper junos/21.3-r3
version/juniper junos/21.3-r3-s1
version/juniper junos/21.3-r3-s2
version/juniper junos/21.3-r3-s3
version/juniper junos/21.4
version/juniper junos/21.4-r1
version/juniper junos/21.4-r1-s1
version/juniper junos/21.4-r1-s2
version/juniper junos/21.4-r2
version/juniper junos/21.4-r2-s1
version/juniper junos/21.4-r2-s2
version/juniper junos/21.4-r3
version/juniper junos/21.4-r3-s1
version/juniper junos/21.4-r3-s2
version/juniper junos/21.4-r3-s3
version/juniper junos/22.1
version/juniper junos/22.1-r1
version/juniper junos/22.1-r1-s1
version/juniper junos/22.1-r1-s2
version/juniper junos/22.1-r2
version/juniper junos/22.1-r2-s1
version/juniper junos/22.1-r2-s2
version/juniper junos/22.1-r3
version/juniper junos/22.1-r3-s1
version/juniper junos/22.2
version/juniper junos/22.2-r1
version/juniper junos/22.2-r1-s1
version/juniper junos/22.2-r1-s2
version/juniper junos/22.2-r2
version/juniper junos/22.2-r2-s1
version/juniper junos/22.2-r2-s2
version/juniper junos/22.2-r3
version/juniper junos/22.2-r3-s1
version/juniper junos/22.3
version/juniper junos/22.3-r1
version/juniper junos/22.3-r1-s1
version/juniper junos/22.3-r1-s2
version/juniper junos/22.3-r2
version/juniper junos/22.4
version/juniper junos/22.4-r1
version/juniper junos/22.4-r1-s1