CVE-2024-21609

A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive | grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://supportportal.juniper.net/JSA75750	Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Not Applicable
http://supportportal.juniper.net/JSA75750	Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Not Applicable

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:20.4:-::::::
	cpe:2.3:o:juniper:junos:20.4:r1::::::
	cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.3:-::::::
	cpe:2.3:o:juniper:junos:21.3:r1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r2::::::
	cpe:2.3:o:juniper:junos:21.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r3::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.1:-::::::
	cpe:2.3:o:juniper:junos:22.1:r1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r2::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:-::::::
cpe:2.3:o:juniper:junos:22.2:r1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
cpe:2.3:o:juniper:junos:22.2:r2::::::
cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
cpe:2.3:o:juniper:junos:22.2:r3::::::
cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
cpe:2.3:o:juniper:junos:22.3:-::::::
cpe:2.3:o:juniper:junos:22.3:r1::::::
cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
cpe:2.3:o:juniper:junos:22.3:r2::::::
cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
cpe:2.3:o:juniper:junos:22.3:r2-s2::::::
cpe:2.3:o:juniper:junos:22.4:-::::::
cpe:2.3:o:juniper:junos:22.4:r1::::::
cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
cpe:2.3:o:juniper:junos:22.4:r2::::::
cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
cpe:2.3:o:juniper:junos:23.2:-::::::
cpe:2.3:o:juniper:junos:23.2:r1::::::
cpe:2.3:o:juniper:junos:23.2:r1-s1::::::

OR	cpe:2.3:h:juniper:csrx:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*
	cpe:2.3:h:juniper:srx100:-:::::::*
	cpe:2.3:h:juniper:srx110:-:::::::*
	cpe:2.3:h:juniper:srx1400:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx210:-:::::::*
	cpe:2.3:h:juniper:srx220:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx240:-:::::::*
	cpe:2.3:h:juniper:srx240h2:-:::::::*
	cpe:2.3:h:juniper:srx240m:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx3400:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx3600:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4000:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5000:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx550_hm:-:::::::*
	cpe:2.3:h:juniper:srx550m:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*
	cpe:2.3:h:juniper:srx650:-:::::::*
	cpe:2.3:h:juniper:vsrx:-:::::::*

History

10 Apr 2025, 20:44

Type	Values Removed	Values Added
CPE		cpe:2.3:o:juniper:junos:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:h:juniper:srx650:-:::::::* cpe:2.3:o:juniper:junos:21.3:r3-s2:::::: cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:o:juniper:junos:21.3:-:::::: cpe:2.3:o:juniper:junos:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:h:juniper:csrx:-:::::::* cpe:2.3:o:juniper:junos:22.1:r2:::::: cpe:2.3:h:juniper:srx4000:-:::::::* cpe:2.3:o:juniper:junos:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.1:r3-s2:::::: cpe:2.3:h:juniper:srx550m:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:o:juniper:junos:21.3:r3-s1:::::: cpe:2.3:h:juniper:srx3600:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:o:juniper:junos:21.4:r3:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:o:juniper:junos:20.4:-:::::: cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:o:juniper:junos:22.1:r1-s1:::::: cpe:2.3:h:juniper:srx550_hm:-:::::::* cpe:2.3:o:juniper:junos:22.2:-:::::: cpe:2.3:o:juniper:junos:21.3:r2:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:h:juniper:srx550:-:::::::* cpe:2.3:o:juniper:junos:21.3:r3:::::: cpe:2.3:o:juniper:junos:20.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.3:-:::::: cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx240:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:o:juniper:junos:22.1:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos:21.2:-:::::: cpe:2.3:o:juniper:junos:21.2:r2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r3-s1:::::: cpe:2.3:h:juniper:srx110:-:::::::* cpe:2.3:o:juniper:junos:20.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.3:r1:::::: cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:o:juniper:junos:21.2:r1:::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:21.3:r1:::::: cpe:2.3:h:juniper:srx5000:-:::::::* cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s6:::::: cpe:2.3:o:juniper:junos:20.4:r2-s1:::::: cpe:2.3:o:juniper:junos:::::::: cpe:2.3:h:juniper:srx240m:-:::::::* cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.2:r3:::::: cpe:2.3:o:juniper:junos:21.3:r2-s2:::::: cpe:2.3:h:juniper:srx240h2:-:::::::* cpe:2.3:h:juniper:vsrx:-:::::::* cpe:2.3:o:juniper:junos:20.4:r2:::::: cpe:2.3:o:juniper:junos:21.2:r3:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:22.1:r1:::::: cpe:2.3:o:juniper:junos:21.4:-:::::: cpe:2.3:o:juniper:junos:22.3:r2:::::: cpe:2.3:o:juniper:junos:22.1:r3:::::: cpe:2.3:o:juniper:junos:20.4:r3-s7:::::: cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:o:juniper:junos:21.3:r3-s4:::::: cpe:2.3:o:juniper:junos:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos:21.3:r2-s1:::::: cpe:2.3:o:juniper:junos:22.1:-:::::: cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:o:juniper:junos:21.3:r1-s2:::::: cpe:2.3:o:juniper:junos:20.4:r3-s8:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:20.4:r1:::::: cpe:2.3:o:juniper:junos:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s5:::::: cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:o:juniper:junos:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos:22.3:r2-s1:::::: cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:o:juniper:junos:20.4:r3-s4:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:o:juniper:junos:22.1:r3-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r1:::::: cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:o:juniper:junos:22.2:r2:::::: cpe:2.3:h:juniper:srx3400:-:::::::* cpe:2.3:h:juniper:srx1400:-:::::::* cpe:2.3:h:juniper:srx210:-:::::::* cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos:20.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.1:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos:21.3:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos:21.3:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:srx100:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:o:juniper:junos:22.1:r2-s1:::::: cpe:2.3:h:juniper:srx220:-:::::::*
First Time		Juniper csrx Juniper srx240h2 Juniper srx5600 Juniper mx480 Juniper srx220 Juniper srx650 Juniper srx1600 Juniper srx550 Juniper junos Juniper srx2300 Juniper srx550 Hm Juniper srx100 Juniper srx4600 Juniper srx4100 Juniper srx1400 Juniper srx550m Juniper srx4200 Juniper srx240m Juniper srx1500 Juniper srx5000 Juniper mx960 Juniper srx210 Juniper srx380 Juniper Juniper srx3400 Juniper srx320 Juniper vsrx Juniper srx5800 Juniper srx4700 Juniper srx4300 Juniper srx300 Juniper srx5400 Juniper srx340 Juniper srx345 Juniper srx4000 Juniper mx240 Juniper srx240 Juniper srx110 Juniper srx3600
References	~~() http://supportportal.juniper.net/JSA75750 -~~	() http://supportportal.juniper.net/JSA75750 - Vendor Advisory
References	~~() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L -~~	() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L - Not Applicable

21 Nov 2024, 08:54

Type	Values Removed	Values Added
References	~~() http://supportportal.juniper.net/JSA75750 -~~	() http://supportportal.juniper.net/JSA75750 -
References	~~() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L -~~	() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L -

16 May 2024, 20:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N', 'source': 'sirt@juniper.net'}~~	() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L -
Summary	(en) A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive \| grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.	(en) A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive \| grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

15 Apr 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en el daemon IKE (iked) de Juniper Networks Junos OS en la serie MX con SPC3 y la serie SRX permite que un atacante administrativamente adyacente que pueda establecer con éxito túneles IPsec provoque una denegación de servicio ( DoS). Si el par envía valores específicos para los parámetros IPsec local-ip, remoto-ip, remoto ike-id y selectores de tráfico, se produce una pérdida de memoria durante cada nueva clave de IPsec SA que se lleva a cabo con una secuencia de mensajes específica. Esto eventualmente resultará en un bloqueo y reinicio del proceso iked. El consumo de memoria del proceso iked se puede verificar usando el siguiente comando: usuario@host> mostrar procesos del sistema extensos \| grep iked PID NOMBRE DE USUARIO PRI NICE TAMAÑO RES ESTADO C HORA WCPU COMANDO 56903 root 31 0 4016M 2543M CPU0 0 2:10 10,50% iked Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2.

12 Apr 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-12 15:15

Updated : 2025-04-10 20:44

NVD link : CVE-2024-21609

Mitre link : CVE-2024-21609

CVE.ORG link : CVE-2024-21609

JSON object : View

Products Affected

juniper

srx345
srx5600
srx2300
srx1600
srx550_hm
srx5000
srx320
srx3400
srx4000
csrx
srx4100
srx1500
mx960
srx4700
srx4600
srx1400
srx340
srx100
srx300
srx650
srx110
srx4300
srx4200
junos
srx240
srx220
srx240h2
srx5400
srx240m
srx210
mx240
srx5800
srx3600
srx380
vsrx
mx480
srx550
srx550m

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

6.5 /10