CVE-2024-21587: Improper Handling of Exceptional Conditions in Networks Junos OS

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 84.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12

Description

An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Sys

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 21.2 | 21.2R3-S7 | +8
NVD | juniper/junos | 9 versions | +8

🔴 Vulnerability Details (2)

CVEList: Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled (2024-01-12)
GHSA: GHSA-m2fv-89w7-x6jx: An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos O (2024-01-12)

📋 Vendor Advisories (1)

Juniper: CVE-2024-21587: An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos (2024-01-12)