CVE-2024-21601
CVSS V2 None
CVSS V3 None
Description
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).
On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.
Continued exploitation of this issue will lead to a sustained DoS.
This issue affects Juniper Networks Junos OS:
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2-S1, 22.4R3.
This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.
Overview
- CVE ID
- CVE-2024-21601
- Assigner
- juniper
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-12T00:53:54.163Z
- Last Modified Date
- 2024-01-12T00:53:54.163Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://supportportal.juniper.net/JSA75742 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21601 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21601 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 15:02:53 | Added to TrackCVE |