Heap-based Buffer Overflow Vulnerability Affects Juniper Networks Junos OS on Certain Platforms
CVE-2024-39518

7.5 HIGH

Key Information:

CVE Published: 10 July 2024

Badges

👾 Exploit Exists

What is CVE-2024-39518?

A heap-based buffer overflow vulnerability exists in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, and MX960 platforms using MPC10E. It causes steadily increasing memory consumption, resulting in a Denial of Service condition. When a device subscribes to telemetry, a slow memory leak occurs that eventually exhausts system resources and leaves the device unresponsive. Restoring functionality requires a manual reboot of the Line Card. The issue is observable only while the telemetry subscription is active. The commands 'show system processes extensive' and 'show system info | match sensord' can be used to check heap memory utilization and system status.

Affected Version(s)

Junos OS MX240 using MPC10E 21.2R3-S5 < 21.2R3-S7

Junos OS MX240 using MPC10E 21.4R3-S4 < 21.4R3-S6

Junos OS MX240 using MPC10E 22.2R3 < 22.2R3-S4

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published