What is the severity of CVE-2024-30397?

CVE-2024-30397 has a severity rating that allows unauthenticated attackers to cause Denial of Service (DoS) in affected Juniper Networks Junos OS versions.

How do I fix CVE-2024-30397?

To fix CVE-2024-30397, upgrade to the latest version of Junos OS that is not impacted by this vulnerability.

What versions of Junos OS are affected by CVE-2024-30397?

CVE-2024-30397 affects multiple versions of Junos OS including but not limited to 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, and 22.1R3-S4.

Can CVE-2024-30397 be exploited remotely?

Yes, CVE-2024-30397 can be exploited by an unauthenticated networked attacker, allowing them to cause a Denial of Service.

What is the impact of CVE-2024-30397 on network devices?

The impact of CVE-2024-30397 on network devices is denial of service, potentially disrupting operations and availability.

Vulnerability/
CVE-2024-30397

high

8.7

CWE

754

EPSS

0.043%

12/4/2024

6/2/2025

CVE-2024-30397: Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process

First published: Fri Apr 12 2024(Updated: )

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx root 103 0 846M 136M CPU1 1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Networks Junos OS	<20.4R3-S10<21.2R3-S7<21.4R3-S5<22.1R3-S4<22.2R3-S3<22.3R3-S1<22.4R3<23.2R1-S2<23.2R2
Juniper JUNOS	<20.4
Juniper JUNOS	=20.4
Juniper JUNOS	=20.4-r1
Juniper JUNOS	=20.4-r1-s1
Juniper JUNOS	=20.4-r2
Juniper JUNOS	=20.4-r2-s1
Juniper JUNOS	=20.4-r2-s2
Juniper JUNOS	=20.4-r3
Juniper JUNOS	=20.4-r3-s1
Juniper JUNOS	=20.4-r3-s2
Juniper JUNOS	=20.4-r3-s3
Juniper JUNOS	=20.4-r3-s4
Juniper JUNOS	=20.4-r3-s5
Juniper JUNOS	=20.4-r3-s6
Juniper JUNOS	=20.4-r3-s7
Juniper JUNOS	=20.4-r3-s8
Juniper JUNOS	=20.4-r3-s9
Juniper JUNOS	=21.2
Juniper JUNOS	=21.2-r1
Juniper JUNOS	=21.2-r1-s1
Juniper JUNOS	=21.2-r1-s2
Juniper JUNOS	=21.2-r2
Juniper JUNOS	=21.2-r2-s1
Juniper JUNOS	=21.2-r2-s2
Juniper JUNOS	=21.2-r3
Juniper JUNOS	=21.2-r3-s1
Juniper JUNOS	=21.2-r3-s2
Juniper JUNOS	=21.2-r3-s3
Juniper JUNOS	=21.2-r3-s4
Juniper JUNOS	=21.2-r3-s5
Juniper JUNOS	=21.2-r3-s6
Juniper JUNOS	=21.4
Juniper JUNOS	=21.4-r1
Juniper JUNOS	=21.4-r1-s1
Juniper JUNOS	=21.4-r1-s2
Juniper JUNOS	=21.4-r2
Juniper JUNOS	=21.4-r2-s1
Juniper JUNOS	=21.4-r2-s2
Juniper JUNOS	=21.4-r3
Juniper JUNOS	=21.4-r3-s1
Juniper JUNOS	=21.4-r3-s2
Juniper JUNOS	=21.4-r3-s3
Juniper JUNOS	=21.4-r3-s4
Juniper JUNOS	=22.1
Juniper JUNOS	=22.1-r1
Juniper JUNOS	=22.1-r1-s1
Juniper JUNOS	=22.1-r1-s2
Juniper JUNOS	=22.1-r2
Juniper JUNOS	=22.1-r2-s1
Juniper JUNOS	=22.1-r2-s2
Juniper JUNOS	=22.1-r3
Juniper JUNOS	=22.1-r3-s1
Juniper JUNOS	=22.1-r3-s2
Juniper JUNOS	=22.1-r3-s3
Juniper JUNOS	=22.2
Juniper JUNOS	=22.2-r1
Juniper JUNOS	=22.2-r1-s1
Juniper JUNOS	=22.2-r1-s2
Juniper JUNOS	=22.2-r2
Juniper JUNOS	=22.2-r2-s1
Juniper JUNOS	=22.2-r2-s2
Juniper JUNOS	=22.2-r3
Juniper JUNOS	=22.2-r3-s1
Juniper JUNOS	=22.2-r3-s2
Juniper JUNOS	=22.3
Juniper JUNOS	=22.3-r1
Juniper JUNOS	=22.3-r1-s1
Juniper JUNOS	=22.3-r1-s2
Juniper JUNOS	=22.3-r2
Juniper JUNOS	=22.3-r2-s1
Juniper JUNOS	=22.3-r2-s2
Juniper JUNOS	=22.3-r3
Juniper JUNOS	=22.4
Juniper JUNOS	=22.4-r1
Juniper JUNOS	=22.4-r1-s1
Juniper JUNOS	=22.4-r1-s2
Juniper JUNOS	=22.4-r2
Juniper JUNOS	=22.4-r2-s1
Juniper JUNOS	=22.4-r2-s2
Juniper JUNOS	=23.2
Juniper JUNOS	=23.2-r1
Juniper JUNOS	=23.2-r1-s1

Remedy

The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-30397?
CVE-2024-30397 has a severity rating that allows unauthenticated attackers to cause Denial of Service (DoS) in affected Juniper Networks Junos OS versions.
How do I fix CVE-2024-30397?
To fix CVE-2024-30397, upgrade to the latest version of Junos OS that is not impacted by this vulnerability.
What versions of Junos OS are affected by CVE-2024-30397?
CVE-2024-30397 affects multiple versions of Junos OS including but not limited to 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, and 22.1R3-S4.
Can CVE-2024-30397 be exploited remotely?
Yes, CVE-2024-30397 can be exploited by an unauthenticated networked attacker, allowing them to cause a Denial of Service.
What is the impact of CVE-2024-30397 on network devices?
The impact of CVE-2024-30397 on network devices is denial of service, potentially disrupting operations and availability.

agent/title
agent/weakness
agent/first-publish-date
agent/type
collector/epss-latest
source/FIRST
agent/epss
agent/author
agent/remedy
agent/references
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/tags
agent/description
agent/softwarecombine
agent/event
vendor/juniper networks
canonical/juniper networks junos os
vendor/juniper
canonical/juniper junos
version/juniper junos/20.4
version/juniper junos/20.4-r1
version/juniper junos/20.4-r1-s1
version/juniper junos/20.4-r2
version/juniper junos/20.4-r2-s1
version/juniper junos/20.4-r2-s2
version/juniper junos/20.4-r3
version/juniper junos/20.4-r3-s1
version/juniper junos/20.4-r3-s2
version/juniper junos/20.4-r3-s3
version/juniper junos/20.4-r3-s4
version/juniper junos/20.4-r3-s5
version/juniper junos/20.4-r3-s6
version/juniper junos/20.4-r3-s7
version/juniper junos/20.4-r3-s8
version/juniper junos/20.4-r3-s9
version/juniper junos/21.2
version/juniper junos/21.2-r1
version/juniper junos/21.2-r1-s1
version/juniper junos/21.2-r1-s2
version/juniper junos/21.2-r2
version/juniper junos/21.2-r2-s1
version/juniper junos/21.2-r2-s2
version/juniper junos/21.2-r3
version/juniper junos/21.2-r3-s1
version/juniper junos/21.2-r3-s2
version/juniper junos/21.2-r3-s3
version/juniper junos/21.2-r3-s4
version/juniper junos/21.2-r3-s5
version/juniper junos/21.2-r3-s6
version/juniper junos/21.4
version/juniper junos/21.4-r1
version/juniper junos/21.4-r1-s1
version/juniper junos/21.4-r1-s2
version/juniper junos/21.4-r2
version/juniper junos/21.4-r2-s1
version/juniper junos/21.4-r2-s2
version/juniper junos/21.4-r3
version/juniper junos/21.4-r3-s1
version/juniper junos/21.4-r3-s2
version/juniper junos/21.4-r3-s3
version/juniper junos/21.4-r3-s4
version/juniper junos/22.1
version/juniper junos/22.1-r1
version/juniper junos/22.1-r1-s1
version/juniper junos/22.1-r1-s2
version/juniper junos/22.1-r2
version/juniper junos/22.1-r2-s1
version/juniper junos/22.1-r2-s2
version/juniper junos/22.1-r3
version/juniper junos/22.1-r3-s1
version/juniper junos/22.1-r3-s2
version/juniper junos/22.1-r3-s3
version/juniper junos/22.2
version/juniper junos/22.2-r1
version/juniper junos/22.2-r1-s1
version/juniper junos/22.2-r1-s2
version/juniper junos/22.2-r2
version/juniper junos/22.2-r2-s1
version/juniper junos/22.2-r2-s2
version/juniper junos/22.2-r3
version/juniper junos/22.2-r3-s1
version/juniper junos/22.2-r3-s2
version/juniper junos/22.3
version/juniper junos/22.3-r1
version/juniper junos/22.3-r1-s1
version/juniper junos/22.3-r1-s2
version/juniper junos/22.3-r2
version/juniper junos/22.3-r2-s1
version/juniper junos/22.3-r2-s2
version/juniper junos/22.3-r3
version/juniper junos/22.4
version/juniper junos/22.4-r1
version/juniper junos/22.4-r1-s1
version/juniper junos/22.4-r1-s2
version/juniper junos/22.4-r2
version/juniper junos/22.4-r2-s1
version/juniper junos/22.4-r2-s2
version/juniper junos/23.2
version/juniper junos/23.2-r1
version/juniper junos/23.2-r1-s1

CVE-2024-30397: Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-30397?

How do I fix CVE-2024-30397?

What versions of Junos OS are affected by CVE-2024-30397?

Can CVE-2024-30397 be exploited remotely?

What is the impact of CVE-2024-30397 on network devices?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-30397?

How do I fix CVE-2024-30397?

What versions of Junos OS are affected by CVE-2024-30397?

Can CVE-2024-30397 be exploited remotely?

What is the impact of CVE-2024-30397 on network devices?