CVE-2024-30397

Published: 12/04/2024 Updated: 15/04/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked malicious user to cause a Denial of Service (DoS).

The pkid is responsible for certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.

The CPU utilization of pkid can be checked using this command:

    root@srx> show system processes extensive | match pkid
    xxxxx  root  103  0  846M  136M  CPU1  1  569:00  100.00%  pkid

This issue affects Juniper Networks Junos OS:

- All versions before 20.4R3-S10;
- 21.2 versions before 21.2R3-S7;
- 21.4 versions before 21.4R3-S5;
- 22.1 versions before 22.1R3-S4;
- 22.2 versions before 22.2R3-S3;
- 22.3 versions before 22.3R3-S1;
- 22.4 versions before 22.4R3;
- 23.2 versions before 23.2R1-S2, 23.2R2.
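
The CPU check above can be automated over collected command output. The following is an added example, not code from Juniper or from this advisory: it parses lines of `show system processes extensive | match pkid` and flags a pkid process that is both near 100% CPU and has accumulated a large CPU time. The thresholds, function names, and sample lines are assumptions constructed for illustration.

```python
import re

# Assumed thresholds (not from the advisory); tune for your environment.
WCPU_ALERT = 90.0         # percent of one CPU
CPU_TIME_ALERT_MIN = 10   # accumulated CPU minutes

# Constructed sample of `show system processes extensive | match pkid` output.
SAMPLE = """\
 4321 root 103 0 846M 136M CPU1   1 569:00 100.00% pkid
 4400 root  20 0 846M 136M select 0   0:07   0.00% pkid
line that does not have the expected columns
"""

def _cpu_minutes(field):
    """Convert top's TIME column ('M:SS', or 'N.NH' for hours) to minutes."""
    if field.endswith("H"):
        try:
            return float(field[:-1]) * 60
        except ValueError:
            return None
    m = re.fullmatch(r"(\d+):(\d{2})", field)
    return int(m.group(1)) + int(m.group(2)) / 60 if m else None

def parse_pkid_line(line):
    """Parse one process line; fields are read from the right so that
    differences in the leading columns between releases do not matter."""
    fields = line.split()
    if len(fields) < 4 or fields[-1] != "pkid" or not fields[-2].endswith("%"):
        return None
    try:
        wcpu = float(fields[-2].rstrip("%"))
    except ValueError:
        return None
    return {"pid": fields[0], "wcpu": wcpu,
            "cpu_minutes": _cpu_minutes(fields[-3])}

def stuck_pkid(output):
    """Return pkid processes matching the symptom described in the advisory."""
    hits = []
    for line in output.splitlines():
        rec = parse_pkid_line(line)
        if rec is None or rec["cpu_minutes"] is None:
            continue
        if rec["wcpu"] >= WCPU_ALERT and rec["cpu_minutes"] >= CPU_TIME_ALERT_MIN:
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in stuck_pkid(SAMPLE):
        print(f"pkid pid={rec['pid']} wcpu={rec['wcpu']}% cpu_min={rec['cpu_minutes']:.0f}")
```

Requiring accumulated CPU time as well as a high instantaneous percentage avoids alerting on a brief spike during a normal verification.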