CVE-2024-21613
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-21613 is a vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved. It involves a missing release of memory after effective lifetime in the Routing Protocol Daemon (RPD), which can be exploited by unauthenticated, adjacent attackers to cause an rpd crash and initiate a Denial of Service (DoS) attack.

This vulnerability occurs when traffic engineering is enabled for OSPF or ISIS, and a link flaps, leading to a patroot memory leak. The memory leak, if not addressed, will eventually cause an rpd crash and restart. Users can monitor memory usage with the command 'show task memory detail | match patroot'.

Affected versions include Junos OS 21.2R3-S3 and earlier, 21.3 versions earlier than 21.3R3-S5, 21.4 versions earlier than 21.4R3-S3, 22.1 versions earlier than 22.1R3, and Junos OS Evolved versions earlier than 21.3R3-S5-EVO, 21.4 versions earlier than 21.4R3-EVO, 22.1 versions earlier than 22.1R3-EVO, and 22.2 versions earlier than 22.2R3-EVO.
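To triage a device inventory against the version boundaries listed in the summary, the following is an added example (not code from Juniper or from this page's publisher). It assumes version strings shaped like 21.4R3-S2 or 21.4R3-S2-EVO; the hostnames, the sample inventory and the three status labels are constructed for illustration.

```python
import re

# Assumed version shape: 21.4R3-S2 or 21.4R3-S2-EVO. Other Junos formats
# (X-releases, build suffixes) raise ValueError rather than being guessed at.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(-EVO)?$")

# Boundaries copied from the summary on this page; confirm against the vendor
# advisory before acting. Each tuple is (major, minor, R, S).
JUNOS = {
    "floor": (21, 2, 3, 3), "floor_inclusive": True,   # "21.2R3-S3 and earlier"
    "trains": {(21, 3): (21, 3, 3, 5), (21, 4): (21, 4, 3, 3), (22, 1): (22, 1, 3, 0)},
}
EVOLVED = {
    "floor": (21, 3, 3, 5), "floor_inclusive": False,  # "earlier than 21.3R3-S5-EVO"
    "trains": {(21, 4): (21, 4, 3, 0), (22, 1): (22, 1, 3, 0), (22, 2): (22, 2, 3, 0)},
}

def parse(version):
    """Return ((major, minor, R, S), is_evolved); a missing -S counts as S0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    *nums, evo = m.groups()
    return tuple(int(n or 0) for n in nums), evo is not None

def status(version):
    """Classify one version as 'affected', 'not affected' or 'unlisted'."""
    v, evolved = parse(version)
    rules = EVOLVED if evolved else JUNOS
    floor, train = rules["floor"], v[:2]
    if v < floor or (v == floor and rules["floor_inclusive"]):
        return "affected"
    if train in rules["trains"]:
        return "affected" if v < rules["trains"][train] else "not affected"
    # Same train as the floor but past it, else a train the summary never names.
    return "not affected" if train == floor[:2] else "unlisted"

def triage(inventory):
    """inventory: {hostname: version}. Returns {status: [hostnames]}."""
    out = {"affected": [], "not affected": [], "unlisted": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            out[status(version)].append(host)
        except ValueError:
            out["unparsed"].append(host)
    return out

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"edge-01": "21.4R3-S2", "edge-02": "22.1R3", "core-01": "22.2R2-EVO",
          "core-02": "23.2R1", "lab-01": "21.4-20230101"}
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "unlisted" run a release train the summary does not mention, so they need a manual check rather than being treated as safe.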
Affected Products
- Juniper Junos
- Juniper Junos OS Evolved
Affected Vendors
- Juniper Networks