An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).
The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.
This CPU utilization of pkid can be checked using this command:
root@srx> show system processes extensive | match pkid
xxxxx root 103 0 846M 136M CPU1 1 569:00 100.00% pkid
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S10;
* 21.2 versions prior to 21.2R3-S7;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S3;
* 22.3 versions prior to 22.3R3-S1;
* 22.4 versions prior to 22.4R3;
* 23.2 versions prior to 23.2R1-S2, 23.2R2.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2024-04-12T15:25:54.567Z
Updated: 2024-08-02T01:32:07.245Z
Reserved: 2024-03-26T23:06:17.995Z
Link: CVE-2024-30397
Vulnrichment
Updated: 2024-08-02T01:32:07.245Z
NVD
Status : Awaiting Analysis
Published: 2024-04-12T16:15:39.267
Modified: 2024-05-16T21:16:09.473
Link: CVE-2024-30397
Redhat
No data.