CVE-2023-44188: Time-of-check Time-of-use (TOCTOU) Race Condition in Juniper Networks Junos OS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 72.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 11

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os, 20.4, 20.4R3-S9 (+9)
NVD: juniper/junos < 20.4 (+11)

🔴 Vulnerability Details (2)

GHSA: GHSA-w3pf-28jm-x86v: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenti (2023-10-11)
CVEList: Junos OS: jkdsd crash due to multiple telemetry requests (2023-10-11)

📋 Vendor Advisories (1)

Juniper: CVE-2023-44188: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authent (2023-10-11)