What is the severity of CVE-2024-39550?

CVE-2024-39550 is considered a serious vulnerability due to its potential to be exploited by adjacent attackers without authentication.

How do I fix CVE-2024-39550?

To mitigate CVE-2024-39550, upgrade your Junos OS to a version that is not affected, following the latest security recommendations from Juniper Networks.

What is the impact of CVE-2024-39550?

CVE-2024-39550 allows an attacker to exploit memory management issues in the rtlogd process, potentially leading to service disruption.

Which versions of Junos OS are affected by CVE-2024-39550?

CVE-2024-39550 affects Junos OS versions between 21.2R3 and 23.4R2.

Who can exploit CVE-2024-39550?

CVE-2024-39550 can be exploited by unauthenticated adjacent attackers using techniques such as repeated port flaps.

Vulnerability/
CVE-2024-39550

high

7.1

CWE

401

11/7/2024

CVE-2024-39550: Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service

First published: Thu Jul 11 2024(Updated: )

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting rtlogd process. The memory usage can be monitored using the below command. user@host> show system processes extensive | match rtlog This issue affects Junos OS on MX Series with SPC3 line card: * from 21.2R3 before 21.2R3-S8, * from 21.4R2 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3-S1, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	>21.2R3<21.2R3-S8>21.4R2<21.4R3-S6>22.1<22.1R3-S5>22.2<22.2R3-S3>22.3<22.3R3-S2>22.4<22.4R3-S1>23.2<23.2R2>23.4<23.4R2

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://supportportal.juniper.net/JSA83012

Frequently Asked Questions

What is the severity of CVE-2024-39550?
CVE-2024-39550 is considered a serious vulnerability due to its potential to be exploited by adjacent attackers without authentication.
How do I fix CVE-2024-39550?
To mitigate CVE-2024-39550, upgrade your Junos OS to a version that is not affected, following the latest security recommendations from Juniper Networks.
What is the impact of CVE-2024-39550?
CVE-2024-39550 allows an attacker to exploit memory management issues in the rtlogd process, potentially leading to service disruption.
Which versions of Junos OS are affected by CVE-2024-39550?
CVE-2024-39550 affects Junos OS versions between 21.2R3 and 23.4R2.
Who can exploit CVE-2024-39550?
CVE-2024-39550 can be exploited by unauthenticated adjacent attackers using techniques such as repeated port flaps.

agent/weakness
agent/title
agent/references
agent/type
agent/remedy
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/description
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/juniper networks
canonical/juniper junos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-39550?
CVE-2024-39550 is considered a serious vulnerability due to its potential to be exploited by adjacent attackers without authentication.
How do I fix CVE-2024-39550?
To mitigate CVE-2024-39550, upgrade your Junos OS to a version that is not affected, following the latest security recommendations from Juniper Networks.
What is the impact of CVE-2024-39550?
CVE-2024-39550 allows an attacker to exploit memory management issues in the rtlogd process, potentially leading to service disruption.
Which versions of Junos OS are affected by CVE-2024-39550?
CVE-2024-39550 affects Junos OS versions between 21.2R3 and 23.4R2.
Who can exploit CVE-2024-39550?
CVE-2024-39550 can be exploited by unauthenticated adjacent attackers using techniques such as repeated port flaps.