Assigner | juniper |
Reserved | 2024-03-26 |
Published | 2024-04-12 |
Updated | 2024-07-25 |
Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx root 103 0 846M 136M CPU1 1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L |
Problem types
CWE-754 Improper Check for Unusual or Exceptional Conditions
Denial of Service (DoS)
Product status
Any version before 20.4R3-S10
21.2 before 21.2R3-S7
21.4 before 21.4R3-S5
22.1 before 22.1R3-S4
22.2 before 22.2R3-S3
22.3 before 22.3R3-S1
22.4 before 22.4R3
23.2 before 23.2R1-S2, 23.2R2
References
https://supportportal.juniper.net/JSA79179
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L