We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-30397

Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process



Assignerjuniper
Reserved2024-03-26
Published2024-04-12
Updated2024-08-02

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command:   root@srx> show system processes extensive | match pkid   xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Product status

Default status
unaffected

Any version before 20.4R3-S10
affected

21.2 before 21.2R3-S7
affected

21.4 before 21.4R3-S5
affected

22.1 before 22.1R3-S4
affected

22.2 before 22.2R3-S3
affected

22.3 before 22.3R3-S1
affected

22.4 before 22.4R3
affected

23.2 before 23.2R1-S2, 23.2R2
affected

References

https://supportportal.juniper.net/JSA79179 vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L technical-description

cve.org CVE-2024-30397

nvd.nist.gov CVE-2024-30397

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-30397
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.