{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39539", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.244Z", "datePublished": "2024-07-11T16:15:57.431Z", "dateUpdated": "2024-08-02T04:26:15.901Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S6", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S6", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S5", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S2", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:<br><br><tt>[system services subscriber-management enable]</tt>"}], "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).<br><br>In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.<br><br></span><p>This issue affects Junos OS on MX Series:</p><p></p><ul><li>All version before 21.2R3-S6,</li><li>21.4 versions before 21.4R3-S6,</li><li>22.1 versions before 22.1R3-S5,</li><li>22.2 versions before 22.2R3-S3,&nbsp;</li><li>22.3 versions before 22.3R3-S2,</li><li>22.4 versions before 22.4R3,</li><li>23.2 versions before 23.2R2.</li></ul><p></p>"}], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\u00a0\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:15:57.431Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA82999"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."}], "source": {"advisory": "JSA82999", "defect": ["1735490"], "discovery": "INTERNAL"}, "title": "Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T18:53:12.463354Z", "id": "CVE-2024-39539", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:53:18.899Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.901Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA82999"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39539", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T18:53:12.463354Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:53:16.825Z"}}], "cna": {"title": "Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash", "source": {"defect": ["1735490"], "advisory": "JSA82999", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S6", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S6", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S2", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2", "versionType": "semver"}], "platforms": ["MX Series"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA82999", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\u00a0\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.", "supportingMedia": [{"type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).<br><br>In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.<br><br></span><p>This issue affects Junos OS on MX Series:</p><p></p><ul><li>All version before 21.2R3-S6,</li><li>21.4 versions before 21.4R3-S6,</li><li>22.1 versions before 22.1R3-S5,</li><li>22.2 versions before 22.2R3-S3,&nbsp;</li><li>22.3 versions before 22.3R3-S2,</li><li>22.4 versions before 22.4R3,</li><li>23.2 versions before 23.2R2.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]", "supportingMedia": [{"type": "text/html", "value": "To be exposed to this vulnerability subscriber management needs to be enabled via:<br><br><tt>[system services subscriber-management enable]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:15:57.431Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39539", "state": "PUBLISHED", "dateUpdated": "2024-07-11T18:53:18.899Z", "dateReserved": "2024-06-25T15:12:53.244Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:15:57.431Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\u00a0\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."}, {"lang": "es", "value": "Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en Juniper Networks Junos OS en la serie MX permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). En un escenario de gesti\u00f3n de suscriptores, los inicios de sesi\u00f3n continuos de los suscriptores provocar\u00e1n una p\u00e9rdida de memoria y, eventualmente, provocar\u00e1n un bloqueo y reinicio del FPC. Este problema afecta a Junos OS en la serie MX: * Todas las versiones anteriores a 21.2R3-S6, * Versiones 21.4 anteriores a 21.4R3-S6, * Versiones 22.1 anteriores a 22.1R3-S5, * Versiones 22.2 anteriores a 22.2R3-S3, * Versiones 22.3 anteriores a 22.3 R3-S2, *versiones 22.4 anteriores a 22.4R3, *versiones 23.2 anteriores a 23.2R2."}], "id": "CVE-2024-39539", "lastModified": "2024-11-21T09:27:57.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T17:15:12.633", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA82999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportportal.juniper.net/JSA82999"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}