CVE-2024-39539

Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash

Description

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All version before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.

Workaround:

There are no known workarounds for this issue.

References

Link	Tags
https://supportportal.juniper.net/JSA82999	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-39539?: CVE-2024-39539 has been scored as a medium severity vulnerability.
How to fix CVE-2024-39539?: To fix CVE-2024-39539: The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.
Is CVE-2024-39539 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-39539 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39539?: CVE-2024-39539 affects Juniper Networks Junos OS.

Description

Remediation

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions