Denial of Service (DoS) Vulnerability in Public Key Infrastructure Daemon (pkid)
CVE-2024-30397
7.5HIGH
Key Information:
- Vendor
- Juniper Networks
- Status
- Vendor
- CVE Published:
- 12 April 2024
Badges
๐พ Exploit Exists
Summary
A vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS permits unauthenticated networked attackers to induce a Denial of Service (DoS). When certificate verification fails, the pkid daemon consumes all CPU resources, rendering it unresponsive to subsequent verification attempts. This condition disrupts all VPN negotiations reliant on successful certificate verification, causing significant network service degradation. The issue impacts various versions of Junos OS, making timely updates and patches crucial for network security.
Affected Version(s)
Junos OS 0 < 20.4R3-S10
Junos OS 21.2 < 21.2R3-S7
Junos OS 21.4 < 21.4R3-S5
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database