{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-21617","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2023-12-27T19:38:25.710Z","datePublished":"2024-01-12T00:57:00.195Z","dateUpdated":"2025-06-17T21:09:20.967Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["MX Series","PTX Series","ACX Series","EX Series","QFX Series"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"21.2R3-S5","status":"affected","version":"21.2","versionType":"semver"},{"lessThan":"21.3R3-S4","status":"affected","version":"21.3","versionType":"semver"},{"lessThan":"21.4R3-S4","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.1R3-S2","status":"affected","version":"22.1","versionType":"semver"},{"lessThan":"22.2R3-S2","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.3R2-S1, 22.3R3","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R1-S2, 22.4R2","status":"affected","version":"22.4","versionType":"semver"},{"lessThan":"20.4R3-S7","status":"unaffected","version":"0","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>To be exposed to this issue non-stop routing (NSR) needs to be configured:</p><code>  [routing-options nonstop-routing]</code><br/>"}],"value":"To be exposed to this issue non-stop routing (NSR) needs to be configured:\n\n  [routing-options nonstop-routing]\n"}],"datePublic":"2024-01-10T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<p>An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).</p><p>On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.</p>Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.<br><p>The memory usage can be monitored using the below commands.</p><code>user@host&gt; show chassis routing-engine no-forwarding</code><br><code>user@host&gt; show system memory | no-more</code><br><p>This issue affects:</p><p>Juniper Networks Junos OS</p><p></p><ul><li>21.2 versions earlier than 21.2R3-S5;</li><li>21.3 versions earlier than 21.3R3-S4;</li><li>21.4 versions earlier than 21.4R3-S4;</li><li>22.1 versions earlier than 22.1R3-S2;</li><li>22.2 versions earlier than 22.2R3-S2;</li><li>22.3 versions earlier than 22.3R2-S1, 22.3R3;</li><li>22.4 versions earlier than 22.4R1-S2, 22.4R2.</li></ul><p></p><p>This issue does not affect Junos OS versions earlier than 20.4R3-S7.</p>\n\n"}],"value":"\nAn Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).\n\nOn all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThe memory usage can be monitored using the below commands.\n\nuser@host> show chassis routing-engine no-forwarding\nuser@host> show system memory | no-more\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.2 versions earlier than 21.2R3-S5;\n  *  21.3 versions earlier than 21.3R3-S4;\n  *  21.4 versions earlier than 21.4R3-S4;\n  *  22.1 versions earlier than 22.1R3-S2;\n  *  22.2 versions earlier than 22.2R3-S2;\n  *  22.3 versions earlier than 22.3R2-S1, 22.3R3;\n  *  22.4 versions earlier than 22.4R1-S2, 22.4R2.\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 20.4R3-S7.\n\n\n\n"}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-459","description":"CWE-459 Incomplete Cleanup","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"Denial of Service (DoS)","lang":"en"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-01-26T00:04:16.232Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA75758"},{"tags":["technical-description"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.2R1, and all subsequent releases.</p>"}],"value":"The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.2R1, and all subsequent releases.\n\n"}],"source":{"advisory":"JSA75758","defect":["1711656"],"discovery":"USER"},"timeline":[{"lang":"en","time":"2024-01-10T17:00:00.000Z","value":"Initial Publication"},{"lang":"en","time":"2024-01-23T17:00:00.000Z","value":"Clarified that the SRX Series does not support NSR, and is therefore not affected by this vulnerability"}],"title":"Junos OS: BGP flap on NSR-enabled devices causes memory leak","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There are no known workarounds for this issue.</p>"}],"value":"There are no known workarounds for this issue.\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-av217"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:27:35.601Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://supportportal.juniper.net/JSA75758"},{"tags":["technical-description","x_transferred"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-21617","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-01-12T18:12:19.572164Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-17T21:09:20.967Z"}}]}}