First published: Fri Jan 12 2024(Updated: )
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper Junos | =21.2 | |
Juniper Junos | =21.2-r1 | |
Juniper Junos | =21.2-r1-s1 | |
Juniper Junos | =21.2-r1-s2 | |
Juniper Junos | =21.2-r2 | |
Juniper Junos | =21.2-r2-s1 | |
Juniper Junos | =21.2-r2-s2 | |
Juniper Junos | =21.2-r3 | |
Juniper Junos | =21.2-r3-s1 | |
Juniper Junos | =21.2-r3-s2 | |
Juniper Junos | =21.2-r3-s3 | |
Juniper Junos | =21.2-r3-s4 | |
Juniper Junos | =21.3 | |
Juniper Junos | =21.3-r1 | |
Juniper Junos | =21.3-r1-s1 | |
Juniper Junos | =21.3-r1-s2 | |
Juniper Junos | =21.3-r2 | |
Juniper Junos | =21.3-r2-s1 | |
Juniper Junos | =21.3-r2-s2 | |
Juniper Junos | =21.3-r3 | |
Juniper Junos | =21.3-r3-s1 | |
Juniper Junos | =21.3-r3-s2 | |
Juniper Junos | =21.3-r3-s3 | |
Juniper Junos | =21.3-r3-s4 | |
Juniper Junos | =21.4 | |
Juniper Junos | =21.4-r1 | |
Juniper Junos | =21.4-r1-s1 | |
Juniper Junos | =21.4-r1-s2 | |
Juniper Junos | =21.4-r2 | |
Juniper Junos | =21.4-r2-s1 | |
Juniper Junos | =21.4-r2-s2 | |
Juniper Junos | =21.4-r3 | |
Juniper Junos | =21.4-r3-s1 | |
Juniper Junos | =21.4-r3-s2 | |
Juniper Junos | =21.4-r3-s3 | |
Juniper Junos | =22.1 | |
Juniper Junos | =22.1-r1 | |
Juniper Junos | =22.1-r1-s1 | |
Juniper Junos | =22.1-r1-s2 | |
Juniper Junos | =22.1-r2 | |
Juniper Junos | =22.1-r2-s1 | |
Juniper Junos | =22.1-r2-s2 | |
Juniper Junos | =22.1-r3 | |
Juniper Junos | =22.1-r3-s1 | |
Juniper Junos | =22.1-r3-s2 | |
Juniper Junos | =22.2 | |
Juniper Junos | =22.2-r1 | |
Juniper Junos | =22.2-r1-s1 | |
Juniper Junos | =22.2-r1-s2 | |
Juniper Junos | =22.2-r2 | |
Juniper Junos | =22.2-r2-s1 | |
Juniper Junos | =22.2-r2-s2 | |
Juniper Junos | =22.2-r3 | |
Juniper Junos | =22.3 | |
Juniper Junos | =22.3-r1 | |
Juniper Junos | =22.3-r1-s1 | |
Juniper Junos | =22.3-r1-s2 | |
Juniper Junos | =22.3-r2 | |
Juniper Junos | =22.3-r2-s1 | |
Juniper Junos | =22.4 | |
Juniper Junos | =22.4-r1 | |
Juniper Junos | =22.4-r1-s1 | |
Juniper Junos | =22.4-r1-s2 | |
Juniper Junos | =22.4-r2 |
The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-21601 has a CVSS score that indicates a medium severity vulnerability.
To remediate CVE-2024-21601, upgrade to the patched versions of Junos OS as provided in the security advisory.
CVE-2024-21601 affects multiple versions of Junos OS on SRX Series devices.
CVE-2024-21601 can be exploited by unauthenticated, network-based attackers.
CVE-2024-21601 can result in a Denial-of-Service (DoS) condition.