CVE-2024-47493
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
11/10/2024
Last modified:
15/10/2024
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br />
<br />
In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash. <br />
<br />
Below CLI command can be used to check the memory usage over a period of time:<br />
<br />
??user@host> show chassis fpc<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Temp CPU Utilization (%) CPU Utilization (%) Memory <br />
Utilization (%)<br />
Slot State (C) Total Interrupt 1min 5min <br />
15min DRAM (MB) Heap Buffer<br />
<br />
0 <br />
Online 43 41 <br />
2 2048 49 14<br />
<br />
1 <br />
Online 43 41 <br />
2 <br />
2048 49 14<br />
<br />
2 <br />
Online 43 41 <br />
2 <br />
2048 49 14<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
This issue affects Junos OS on SRX5K, SRX4600 and MX Series: <br />
<br />
<br />
<br />
<br />
* All versions before 21.2R3-S7, <br />
* from 21.4 before 21.4R3-S6, <br />
* from 22.1 before 22.1R3-S5, <br />
* from 22.2 before 22.2R3-S3, <br />
* from 22.3 before 22.3R3-S2, <br />
* from 22.4 before 22.4R3, <br />
* from 23.2 before 23.2R2, <br />
* from 23.4 before 23.4R2.
Impact
Base Score 4.0
7.10
Severity 4.0
HIGH
Base Score 3.x
6.50
Severity 3.x
MEDIUM