vulnerability

Juniper Junos OS: 2024-07 Security Bulletin: Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service (JSA83012) (CVE-2024-39550)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:A/AC:L/Au:N/C:N/I:N/A:C)	07/10/2024	07/11/2024	03/10/2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:N/A:C)

Published

07/10/2024

Added

07/11/2024

Modified

03/10/2025

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).

Memory can only be recovered by manually restarting rtlogd process.
The memory usage can be monitored using the below command.

????user@host> show system processes extensive | match rtlog

This issue affects Junos OS on MX Series with SPC3 line card:

* from 21.2R3 before 21.2R3-S8,
* from 21.4R2 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3-S1,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.

Solution

juniper-junos-os-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today