CVE-2024-30397

{"id": "CVE-2024-30397", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-12T16:15:39.267", "references": [{"url": "https://supportportal.juniper.net/JSA79179", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the\u00a0Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).\n\nThe pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.\n\nThis CPU utilization of pkid can be checked using this command: \n\u00a0 root@srx> show system processes extensive | match pkid\n\u00a0 xxxxx ?root ?103? 0 ?846M ?136M ?CPU1 ?1\u00a0569:00 100.00% pkid\n\nThis issue affects:\nJuniper Networks Junos OS\nAll\u00a0versions prior to 20.4R3-S10;\n21.2 versions prior to 21.2R3-S7;\n21.4 versions prior to 21.4R3-S5;\n22.1 versions prior to 22.1R3-S4;\n22.2 versions prior to\u00a022.2R3-S3;\n22.3 versions prior to\u00a022.3R3-S1;\n22.4 versions prior to\u00a022.4R3;\n23.2 versions prior to\u00a023.2R1-S2, 23.2R2.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de verificaci\u00f3n inadecuada de condiciones inusuales o excepcionales en el daemon de infraestructura de clave p\u00fablica (pkid) de Juniper Networks Junos OS permite que un atacante en red no autenticado provoque una denegaci\u00f3n de servicio (DoS). El pkid es responsable de la verificaci\u00f3n del certificado. Tras una verificaci\u00f3n fallida, el pkid utiliza todos los recursos de la CPU y deja de responder a futuros intentos de verificaci\u00f3n. Esto significa que todas las negociaciones VPN posteriores que dependan de la verificaci\u00f3n del certificado fallar\u00e1n. Esta utilizaci\u00f3n de CPU de pkid se puede verificar usando este comando: root@srx> mostrar procesos del sistema extensos | coincide con pkid xxxxx root 103 0 846M 136M CPU1 1 569:00 100.00% pkid Este problema afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 20.4R3-S10; Versiones 21.2 anteriores a 21.2R3-S7; Versiones 21.4 anteriores a 21.4R3-S5; Versiones 22.1 anteriores a 22.1R3-S4; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S1; Versiones 22.4 anteriores a 22.4R3; Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2."}], "lastModified": "2024-04-15T13:15:51.577", "sourceIdentifier": "sirt@juniper.net"}