CVE-2024-21601

{"id": "CVE-2024-21601", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-01-12T01:15:48.043", "references": [{"url": "https://supportportal.juniper.net/JSA75742", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "tags": ["Third Party Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "\nA Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\n\nOn SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.\n\nContinued exploitation of this issue will lead to a sustained DoS.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S3;\n * 22.2 versions earlier than 22.2R3-S1;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R2-S1, 22.4R3.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n concurrente que utiliza recurso compartido con sincronizaci\u00f3n inadecuada ('condici\u00f3n de ejecuci\u00f3n') en Flow-processing Daemon (flowd) de Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado provoque una denegaci\u00f3n de servicio ( Dos). En los dispositivos de la serie SRX, cuando dos subprocesos diferentes intentan procesar simult\u00e1neamente una cola que se utiliza para el flujo de eventos TCP, se bloquear\u00e1. Uno de estos subprocesos no se puede activar externamente, por lo que la explotaci\u00f3n de esta condici\u00f3n de ejecuci\u00f3n est\u00e1 fuera del control directo del atacante. La explotaci\u00f3n continua de este problema conducir\u00e1 a un DoS sostenido. Este problema afecta a Juniper Networks Junos OS: * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3. Este problema no afecta a las versiones de Juniper Networks Junos OS anteriores a la 21.2R1."}], "lastModified": "2024-01-19T22:57:04.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}