CVE-2024-21601: Race Condition in Networks Junos OS

CWE-362: Race Condition | 4 documents | 4 sources
Severity: 5.9 MEDIUM (NVD)
EPSS: 0.2% (top 53.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12

Description

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices, when two different threads try to simultaneously process a queue which is used for TCP events, flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race con

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os | 21.2 | 21.2R3-S5 | +6
NVD: juniper/junos | 7 versions | +6

🔴 Vulnerability Details (2)

GHSA (2024-01-12): GHSA-5mjf-6gr5-jvh8: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of J
CVEList (2024-01-12): Junos OS: SRX Series: Due to an error in processing TCP events flowd will crash

📋 Vendor Advisories (1)

Juniper (2024-01-12): CVE-2024-21601: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of