Juniper Networks Junos OS and Junos OS Evolved Incorrect Synchronization Vulnerability Leading to Denial-of-Service

A vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved creates an incorrect synchronization issue. This flaw allows a network-based attacker with low privileges to cause a complete denial-of-service (DoS) on the management plane. The problem arises when NETCONF sessions are rapidly opened and closed, causing a locking issue that leaves mgd processes in a hung state. Once the maximum number of mgd processes is reached, new logins are blocked, rendering the device unmanageable and requiring a power cycle for recovery. This vulnerability affects Junos OS versions 23.4 (prior to 23.4R2-S4), 24.2 (prior to 24.2R2-S1), and 24.4 (prior to 24.4R1-S3 and 24.4R2). In Junos OS Evolved, the affected versions are 23.4 (prior to 23.4R2-S5-EVO), 24.2 (prior to 24.2R2-S1-EVO), and 24.4 (prior to 24.4R1-S3-EVO and 24.4R2-EVO).

Impact

Exploitation of this vulnerability leads to a complete denial-of-service condition on the management plane, causing mgd processes to hang in an unusable state. This blockage prevents new logins, disrupts device management, and necessitates a power cycle to restore functionality.

Remediation

Users can upgrade to Junos OS versions 23.4R2-S4, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases. For Junos OS Evolved, the updated versions are 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases. As a workaround, access lists or firewall filters can be used to restrict device access to trusted hosts and administrators. Additionally, the connection and rate limits for NETCONF over SSH can be adjusted to reduce the risk of exploitation.