Vulnerability identifier: #VU59563
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Juniper Junos OS
Operating systems & Components /
Operating system
Vendor: Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the Public Key Infrastructure daemon (pkid). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Juniper Junos OS: 19.2 - 19.2R3-S3, 19.2R1-S4, 18.4 - 18.4R3-S9, 18.4R1-S5, 18.4R2-S3, 21.1 - 21.1R2-S2, 19.1 - 19.1R3-S6, 19.1R1-S4, 19.4 - 19.4R3-S4, 19.4R1 - 19.4R1-S4, 19.3 - 19.3R3-S3, 19.3R1-S1, 19.3R2 - 19.3R2-S7, 18.3 - 18.3R3-S5, 18.3R2-S3, 18.3R3-S1, 20.3 - 20.3R3, 21.2R1 - 21.2R1-S2, 20.1 - 20.1R3, 20.4 - 20.4R2-S2, 20.2 - 20.2R3-S1
External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11279&cat=SIRT_1&actp=LIST
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.