CVE-2024-21610

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Configurations

No configuration.

History

21 Nov 2024, 08:54

Type Values Removed Values Added
References () http://supportportal.juniper.net/JSA75751 - () http://supportportal.juniper.net/JSA75751 -
References () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N - () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N -

16 May 2024, 20:15

Type Values Removed Values Added
Summary (en) An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. (en) An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.

14 May 2024, 14:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 4.3

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de clase de servicio (cosd) de Juniper Networks Junos OS en la serie MX permite que un atacante autenticado basado en red con privilegios bajos cause una denegación de servicio (DoS) limitada. En un escenario de suscriptor escalado, cuando cosd maneja comandos específicos de privilegios bajos, recibidos a través de NETCONF, SSH o telnet, en nombre de mgd, los respectivos procesos del daemon de administración infantil (mgd) se atascarán. En el caso de (Netconf sobre) SSH, esto conduce a sesiones SSH bloqueadas, de modo que cuando se alcanza el límite de conexión para SSH ya no se pueden establecer nuevas sesiones. Se observará un comportamiento similar para telnet, etc. Los procesos mgd atascados se pueden monitorear ejecutando el siguiente comando: usuario@host> mostrar procesos del sistema extensos | partido mgd | match sbwait Este problema afecta a Juniper Networks Junos OS en la serie MX: todas las versiones anteriores a 20.4R3-S9; Versiones 21.2 anteriores a 21.2R3-S7; Versiones 21.3 anteriores a 21.3R3-S5; Versiones 21.4 anteriores a 21.4R3-S5; Versiones 22.1 anteriores a 22.1R3-S4; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S2; Versiones 22.4 anteriores a 22.4R3; Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2.

12 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-12 15:15

Updated : 2024-11-21 08:54


NVD link : CVE-2024-21610

Mitre link : CVE-2024-21610

CVE.ORG link : CVE-2024-21610


JSON object : View

Products Affected

No product.

CWE
CWE-755

Improper Handling of Exceptional Conditions