Juniper Junos OS: 2024-07 Security Bulletin: Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash (JSA82999) (CVE-2024-39539)

Juniper Junos OS: 2024-07 Security Bulletin: Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash (JSA82999) (CVE-2024-39539)

Severity

6

CVSS

(AV:A/AC:M/Au:N/C:N/I:N/A:C)

Published

07/10/2024

Created

07/12/2024

Added

07/11/2024

Modified

01/28/2025

Description

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: *All version before 21.2R3-S6, *21.4 versions before 21.4R3-S6, *22.1 versions before 22.1R3-S5, *22.2 versions before 22.2R3-S3,  *22.3 versions before 22.3R3-S2, *22.4 versions before 22.4R3, *23.2 versions before 23.2R2.

Solution(s)

• juniper-junos-os-upgrade-latest

References

• https://attackerkb.com/topics/cve-2024-39539
• CVE - 2024-39539
• JSA82999