CVE-2023-44188

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 20.4R3-S9 Juniper Networks Junos OS versions 21.1R1 and later Juniper Networks Junos OS versions prior to 21.2R3-S6 Juniper Networks Junos OS versions prior to 21.3R3-S5 Juniper Networks Junos OS versions prior to 21.4R3-S5 Juniper Networks Junos OS versions prior to 22.1R3-S4 Juniper Networks Junos OS versions prior to 22.2R3-S2 Juniper Networks Junos OS versions prior to 22.3R2-S1, 22.3R3-S1 Juniper Networks Junos OS versions prior to 22.4R2-S2, 22.4R3 Juniper Networks Junos OS versions prior to 23.1R2

Description A Time-of-check Time-of-use (TOCTOU) Race Condition issue in the telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.

Recommendations For Juniper Networks Junos OS versions prior to 20.4R3-S9, update to version 20.4R3-S9 or later. For Juniper Networks Junos OS versions 21.1R1 and later, update to a version that is not affected by this issue. For Juniper Networks Junos OS versions prior to 21.2R3-S6, update to version 21.2R3-S6 or later. For Juniper Networks Junos OS versions prior to 21.3R3-S5, update to version 21.3R3-S5 or later. For Juniper Networks Junos OS versions prior to 21.4R3-S5, update to version 21.4R3-S5 or later. For Juniper Networks Junos OS versions prior to 22.1R3-S4, update to version 22.1R3-S4 or later. For Juniper Networks Junos OS versions prior to 22.2R3-S2, update to version 22.2R3-S2 or later. For Juniper Networks Junos OS versions prior to 22.3R2-S1, 22.3R3-S1, update to version 22.3R2-S1, 22.3R3-S1 or later. For Juniper Networks Junos OS versions prior to 22.4R2-S2, 22.4R3, update to version 22.4R2-S2, 22.4R3 or later. For Juniper Networks Junos OS versions prior to 23.1R2, update to version 23.1R2 or later. As a temporary workaround, consider restricting access to the telemetry processing functionality to minimize the risk of exploitation.