CVE-2024-21611 Explained : Impact and Mitigation
Memory release vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated attacker to trigger Denial of Service (DoS).
This CVE involves a missing release of memory after an effective lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) by exploiting this vulnerability.
Understanding CVE-2024-21611
This vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved can be exploited by a network-based attacker to trigger a Denial of Service (DoS) attack.
What is CVE-2024-21611?
The vulnerability occurs in scenarios where Juniper Flow Monitoring (jflow) is configured, causing route churn that updates BGP next hops, leading to a slow memory leak and eventually crashing and restarting the rpd process. The affected versions include:
- For Junos OS: 21.4 versions earlier than 21.4R3, 22.1 versions earlier than 22.1R3, and 22.2 versions earlier than 22.2R3.
- For Junos OS Evolved: 21.4-EVO versions earlier than 21.4R3-EVO, 22.1-EVO versions earlier than 22.1R3-EVO, and 22.2-EVO versions earlier than 22.2R3-EVO.
The Impact of CVE-2024-21611
The impact of this vulnerability is high, as it allows an attacker to cause a Denial of Service (DoS) by exploiting the memory leak in the rpd process when jflow is configured, leading to system instability.
Technical Details of CVE-2024-21611
This vulnerability has a base CVSS score of 7.5, indicating a high severity level. The attack complexity is low, requiring no privileges, and has a high availability impact. The vulnerability can be exploited over a network without user interaction.
Vulnerability Description
The issue arises due to a missing release of memory after an effective lifetime in the Routing Protocol Daemon (rpd), which can be leveraged by an unauthenticated attacker to disrupt services.
Affected Systems and Versions
- Junos OS versions earlier than 21.4R3, 22.1R3, and 22.2R3 are impacted.
- Junos OS Evolved versions earlier than 21.4R3-EVO, 22.1R3-EVO, and 22.2R3-EVO are affected.
Exploitation Mechanism
The vulnerability can be exploited in a network environment without the need for user interaction, making it a potential target for malicious actors.
Mitigation and Prevention
To address CVE-2024-21611, immediate steps should be taken to prevent exploitation and ensure the security of affected systems.
Immediate Steps to Take
It is recommended to proactively monitor memory utilization and, when it reaches 85% of total RE memory, consider restarting the rpd process or rebooting the system as a preventive measure.
Long-Term Security Practices
Implementing robust network security measures, regularly updating software, and monitoring system performance can help mitigate the risk of similar vulnerabilities in the future.
Patching and Updates
Juniper Networks has released updated software versions to address this vulnerability. Users are advised to upgrade to Junos OS versions 21.4R3, 22.1R3, 22.2R3, 22.3R1, or later, and Junos OS Evolved versions 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, or subsequent releases.
By following these mitigation strategies and keeping systems up-to-date with the latest patches, organizations can enhance their cybersecurity posture and protect against potential threats.