A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).
On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.
Continued exploitation of this issue will lead to a sustained DoS.
This issue affects Juniper Networks Junos OS:
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2-S1, 22.4R3.
This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.
References
Link | Resource |
---|---|
https://supportportal.juniper.net/JSA75742 | Vendor Advisory |
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: juniper
Published: 2024-01-12T00:53:54.163Z
Updated: 2024-01-12T00:53:54.163Z
Reserved: 2023-12-27T19:38:25.706Z
Link: CVE-2024-21601
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-12T01:15:48.043
Modified: 2024-01-19T22:57:04.600
Link: CVE-2024-21601
JSON object: View
Redhat Information
No data.
CWE