CVE-2024-21601

Summary

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).

On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control.

Continued exploitation of this issue will lead to a sustained DoS.

This issue affects Juniper Networks Junos OS:

  • 21.2 versions earlier than 21.2R3-S5;
  • 21.3 versions earlier than 21.3R3-S5;
  • 21.4 versions earlier than 21.4R3-S4;
  • 22.1 versions earlier than 22.1R3-S3;
  • 22.2 versions earlier than 22.2R3-S1;
  • 22.3 versions earlier than 22.3R2-S2, 22.3R3;
  • 22.4 versions earlier than 22.4R2-S1, 22.4R3.

This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS21.2 < 21.2R3-S5affected
Juniper NetworksJunos OS21.3 < 21.3R3-S5affected
Juniper NetworksJunos OS21.4 < 21.4R3-S4affected
Juniper NetworksJunos OS22.1 < 22.1R3-S3affected
Juniper NetworksJunos OS22.2 < 22.2R3-S1affected
Juniper NetworksJunos OS22.3 < 22.3R2-S2, 22.3R3affected
Juniper NetworksJunos OS22.4 < 22.4R2-S1, 22.4R3affected

Weaknesses

  • CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Denial of Service

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References