CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/R:U
EPSS
Percentile
13.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
Memory can only be recovered by manually restarting rtlogd process.
The memory usage can be monitored using the below command.
user@host> show system processes extensive | match rtlog
This issue affects Junos OS on MX Series with SPC3 line card:
[
{
"vendor": "Juniper Networks",
"product": "Junos OS",
"versions": [
{
"status": "affected",
"version": "21.2R3",
"lessThan": "21.2R3-S8",
"versionType": "semver"
},
{
"status": "affected",
"version": "21.4R2",
"lessThan": "21.4R3-S6",
"versionType": "semver"
},
{
"status": "affected",
"version": "22.1",
"lessThan": "22.1R3-S5",
"versionType": "semver"
},
{
"status": "affected",
"version": "22.2",
"lessThan": "22.2R3-S3",
"versionType": "semver"
},
{
"status": "affected",
"version": "22.3",
"lessThan": "22.3R3-S2",
"versionType": "semver"
},
{
"status": "affected",
"version": "22.4",
"lessThan": "22.4R3-S1",
"versionType": "semver"
},
{
"status": "affected",
"version": "23.2",
"lessThan": "23.2R2",
"versionType": "semver"
},
{
"status": "affected",
"version": "23.4",
"lessThan": "23.4R2",
"versionType": "semver"
}
],
"platforms": [
"MX Series with SPC3"
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/R:U
EPSS
Percentile
13.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial