Published: January 16, 2024
Juniper Networks has released security updates to address a vulnerability affecting Juniper Junos OS and Junos OS Evolved. A remote cyber threat actor could exploit this vulnerability (CVE-2024-21611) to cause a denial-of-service condition if it is not addressed.
A vulnerability known as ‘Missing Release of Memory after Effective Lifetime’ in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
21.4 versions earlier than 21.4R3;
22.1 versions earlier than 22.1R3;
22.2 versions earlier than 22.2R3.
|Junos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.
|Junos OS Evolved
21.4-EVO versions earlier than 21.4R3-EVO;
22.1-EVO versions earlier than 22.1R3-EVO;
22.2-EVO versions earlier than 22.2R3-EVO.
|Junos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.
Mitigations and Workarounds
Upgrade Junos OS and Junos OS Evolved to the following software releases, which have resolved this issue:
- Junos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.
- Junos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.
As a workaround, Juniper recommends proactively monitoring the memory utilization of the affected systems. When it reaches 85% of the total RE memory, restart ‘rpd’ or reboot the system.
Run a vulnerability scanner to detect the presence of vulnerabilities, ensuring that the scanner has the feature to detect the specific vulnerability. Additionally, update the OS version to the recommended version and proactively monitor memory utilization.
Netsurion Detection and Response
Netsurion researchers are continuously monitoring the exploits of this vulnerability. Netsurion’s vulnerability management system will detect the vulnerability CVE-2024-21611 for customers who have subscribed to Netsurion Vulnerability Management.