CVE-2021-31364 — Race Condition in Networks Junos OS

CWE-362 — Race Condition CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 54.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 19

Latest updateMay 24

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will cr…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 17.4R3-S5+10

▶NVDjuniper/junos11 versions+10

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-w5r5-j976-gw6f: An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Ju↗2022-05-24

▶

CVEList

Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31364: An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Ju↗2021-10-19

▶