VYPR
Unrated severityNVD Advisory· Published Apr 12, 2024· Updated Aug 2, 2024

Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process

CVE-2024-30397

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).

The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.

This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid

This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    <20.4R3-S10, >=21.2 <21.2R3-S7, >=21.4 <21.4R3-S5, >=22.1 <22.1R3-S4, >=22.2 <22.2R3-S3, >=22.3 <22.3R3-S1, >=22.4 <22.4R3, >=23.2 <23.2R1-S2, <23.2R2+ 1 more
    • (no CPE)range: <20.4R3-S10, >=21.2 <21.2R3-S7, >=21.4 <21.4R3-S5, >=22.1 <22.1R3-S4, >=22.2 <22.2R3-S3, >=22.3 <22.3R3-S1, >=22.4 <22.4R3, >=23.2 <23.2R1-S2, <23.2R2
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.