CVE-2024-47493

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causeslocal FPC  to eventually run out of memory and crash.

Below CLI command can be used to check the memory usage over a period of time:

user@host> show chassis fpc























        Temp  CPU Utilization (%)  CPU Utilization (%)  Memory  
Utilization (%)
 Slot State    (C) Total Interrupt    1min  5min 
15min DRAM (MB) Heap   Buffer

 0 
Online   43   41     
2              2048    49     14

 1 
Online   43   41     
2             
2048    49     14

 2 
Online   43   41     
2             
2048    49     14









This issue affects Junos OS on MX Series:




  *  All versions before 21.2R3-S7,
  *  from 21.4 before 21.4R3-S6,
  *  from 22.1 before 22.1R3-S5,
  *  from 22.2 before 22.2R3-S3,
  *  from 22.3 before 22.3R3-S2,
  *  from 22.4 before 22.4R3,
  *  from 23.2 before 23.2R2,
  *  from 23.4 before 23.4R2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniperCNA
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Common Weakness Enumeration
References
https://supportportal.juniper.net/
https://www.juniper.net/documentation/us/en/software/junos/interfaces-link-multilink/topics/topic-map/link-multilink-services-understanding.html#id-multilink-interfaces-on-channelized-mics-overview