{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-30397", "ASSIGNER": "sirt@juniper.net", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the\u00a0Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).\n\nThe pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.\n\nThis CPU utilization of pkid can be checked using this command: \n\u00a0 root@srx> show system processes extensive | match pkid\n\u00a0 xxxxx \u2003root \u2003103\u2003 0 \u2003846M \u2003136M \u2003CPU1 \u20031\u00a0569:00 100.00% pkid\n\nThis issue affects:\nJuniper Networks Junos OS\n * All\u00a0versions prior to 20.4R3-S10;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to\u00a022.2R3-S3;\n * 22.3 versions prior to\u00a022.3R3-S1;\n * 22.4 versions prior to\u00a022.4R3;\n * 23.2 versions prior to\u00a023.2R1-S2, 23.2R2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "cweId": "CWE-754" } ] }, { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Juniper Networks", "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", "version_value": "20.4R3-S10" }, { "version_affected": "<", "version_name": "21.2", "version_value": "21.2R3-S7" }, { "version_affected": "<", "version_name": "21.4", "version_value": "21.4R3-S5" }, { "version_affected": "<", "version_name": "22.1", "version_value": "22.1R3-S4" }, { "version_affected": "<", "version_name": "22.2", "version_value": "22.2R3-S3" }, { "version_affected": "<", "version_name": "22.3", "version_value": "22.3R3-S1" }, { "version_affected": "<", "version_name": "22.4", "version_value": "22.4R3" }, { "version_affected": "<", "version_name": "23.2", "version_value": "23.2R1-S2, 23.2R2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://supportportal.juniper.net/JSA79179", "refsource": "MISC", "name": "https://supportportal.juniper.net/JSA79179" }, { "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "refsource": "MISC", "name": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "advisory": "JSA79179", "defect": [ "1745288" ], "discovery": "USER" }, "configuration": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To be affected by this issue, the following configuration is required on the device:
  [ security ike proposal <name>authentication-method rsa-signatures ]
" } ], "value": "To be affected by this issue, the following configuration is required on the device:\n\u00a0 [ security ike proposal authentication-method rsa-signatures ]" } ], "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

There are no known workarounds for this issue.

" } ], "value": "There are no known workarounds for this issue." } ], "exploit": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] } }