What is the CVSS score of CVE-2024-21599?

CVE-2024-21599 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Junos are affected by CVE-2024-21599?

CVE-2024-21599 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2024-21599?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Junos CVE-2024-21599

MEDIUM

Memory Leak (CWE-401)

2024-01-12 sirt@juniper.net

Denial Of Service Juniper Junos

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:34 vuln.today

CVE Published

Jan 12, 2024 - 01:15 nvd

MEDIUM 6.5

DescriptionNVD

If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart.

To monitor for this issue, please use the following FPC vty level commands:

show heap shows an increase in "LAN buffer" utilization and

show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter.

This issue affects Juniper Networks Junos OS on MX Series with MPC3E:

All versions earlier than 20.4R3-S3;
21.1 versions earlier than 21.1R3-S4;
21.2 versions earlier than 21.2R3;
21.3 versions earlier than 21.3R2-S1, 21.3R3;
21.4 versions earlier than 21.4R2;
22.1 versions earlier than 22.1R2.

AnalysisAI

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2. Affected products include: Juniper Junos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.