Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-290
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Junos OS versions antérieures à 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1
- Junos OS Evolved versions antérieures à 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO
- Paragon Active Assurance Control Center versions antérieures à 2.35.6, 2.36.2 et 3.0.0
- AppFormix versions antérieures à 3.1.22, 3.2.14 et 3.3.0
Les vulnérabilités CVE-2021-0248 (score CVSSv3 : 10, https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11141&cat=SIRT_1&actp=LIST) et CVE-2021-0254 (score CVSSv3 : 9.8, https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&cat=SIRT_1&actp=LIST) sont les plus critiques de ce présent avis.
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1\u003c/li\u003e \u003cli\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO\u003c/li\u003e \u003cli\u003eParagon Active Assurance Control Center versions ant\u00e9rieures \u00e0 2.35.6, 2.36.2 et 3.0.0\u003c/li\u003e \u003cli\u003eAppFormix versions ant\u00e9rieures \u00e0 3.1.22, 3.2.14 et 3.3.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes vuln\u00e9rabilit\u00e9s\u00a0CVE-2021-0248 (score CVSSv3 : 10, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) et\u00a0CVE-2021-0254 (score CVSSv3 : 9.8, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) sont les plus critiques de ce pr\u00e9sent avis.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0250"
},
{
"name": "CVE-2021-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0238"
},
{
"name": "CVE-2021-0254",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0254"
},
{
"name": "CVE-2021-0263",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0263"
},
{
"name": "CVE-2021-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0243"
},
{
"name": "CVE-2021-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0273"
},
{
"name": "CVE-2021-0262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0262"
},
{
"name": "CVE-2021-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0237"
},
{
"name": "CVE-2021-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0264"
},
{
"name": "CVE-2021-0248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0248"
},
{
"name": "CVE-2021-0272",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0272"
},
{
"name": "CVE-2021-0233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0233"
},
{
"name": "CVE-2021-0269",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0269"
},
{
"name": "CVE-2021-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0236"
},
{
"name": "CVE-2021-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0251"
},
{
"name": "CVE-2021-0244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0244"
},
{
"name": "CVE-2021-0267",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0267"
},
{
"name": "CVE-2021-0253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0253"
},
{
"name": "CVE-2021-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0232"
},
{
"name": "CVE-2021-0260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0260"
},
{
"name": "CVE-2021-0271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0271"
},
{
"name": "CVE-2021-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0249"
},
{
"name": "CVE-2021-0234",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0234"
},
{
"name": "CVE-2021-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0235"
},
{
"name": "CVE-2021-0239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0239"
},
{
"name": "CVE-2021-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0266"
},
{
"name": "CVE-2021-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0259"
},
{
"name": "CVE-2021-0265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0265"
},
{
"name": "CVE-2021-0275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0275"
},
{
"name": "CVE-2021-0268",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0268"
},
{
"name": "CVE-2021-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0261"
},
{
"name": "CVE-2021-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0245"
},
{
"name": "CVE-2021-0252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0252"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11160 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11160\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11152 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11152\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11154 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11154\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11162 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11162\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11150 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11150\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11130 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11130\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11163 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11163\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11144 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11144\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11155 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11155\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11133 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11133\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11166 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11166\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11164 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11164\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11157 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11157\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11137 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11137\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11151 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11151\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11145 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11145\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11132 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11132\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11158 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11158\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11128 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11128\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11153 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11153\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11143 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11143\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11129 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11129\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11136 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11136\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11156 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11156\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11159 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11159\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11134 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11134\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11131 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11131\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11141 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11141\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11146 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11146\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11142 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11142\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11127 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11127\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11138 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11138\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11147 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11147\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2021-0261 (GCVE-0-2021-0261)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 19:57
VLAI?
EPSS
Summary
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S17
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S17",
"status": "affected",
"version": "12.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D105",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D230",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S8",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S8",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S4",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S4, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S3, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S1, 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n [system services web-management http]\n [system services web-management https]\n [services captive-portal secure-authentication]\n [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:20",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11152"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11152",
"defect": [
"1513887"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0261",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S17"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D105"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S8"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D230"
},
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S1, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n [system services web-management http]\n [system services web-management https]\n [services captive-portal secure-authentication]\n [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11152",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11152"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11152",
"defect": [
"1513887"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0261",
"datePublished": "2021-04-22T19:37:20.160991Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T19:57:30.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0273 (GCVE-0-2021-0273)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:26
VLAI?
EPSS
Summary
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 15.1F6, 16.1R1
(custom)
Affected: 15.1F6 , < 15.1* (custom) Affected: 16.1R1 , < 16.1* (custom) Affected: 17.1 , < 17.1R2-S12 (custom) Affected: 17.2 , < 17.2R3-S4 (custom) Affected: 17.3 , < 17.3R3-S8 (custom) Affected: 17.4 , < 17.4R2-S10, 17.4R3-S2 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 (custom) Affected: 19.1 , < 19.1R1-S5, 19.1R2-S1, 19.1R3 (custom) Affected: 19.2 , < 19.2R1-S4, 19.2R2 (custom) Affected: 19.3 , < 19.3R2-S3, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S1, 19.4R2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1F6, 16.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "15.1*",
"status": "affected",
"version": "15.1F6",
"versionType": "custom"
},
{
"changes": [
{
"at": "16.1R7-S8",
"status": "unaffected"
}
],
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S12",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S4",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S10, 17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S4, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S3, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S1, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:28",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11164"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11164",
"defect": [
"1478759"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0273",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003e=",
"version_name": "15.1",
"version_value": "15.1F6"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003e=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S12"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S1, 19.4R2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "!\u003c",
"version_value": "15.1F6, 16.1R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-670: Always-Incorrect Control Flow Implementation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11164",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11164"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11164",
"defect": [
"1478759"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0273",
"datePublished": "2021-04-22T19:37:28.349412Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:26:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0232 (GCVE-0-2021-0232)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 23:52
VLAI?
EPSS
Summary
An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.
Severity ?
7.4 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Paragon Active Assurance |
Affected:
unspecified , < 2.35.6
(custom)
Affected: 2.36 , < 2.36.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11127"
},
{
"name": "FEDORA-2021-761cda0b77",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Paragon Active Assurance Control Center"
],
"product": "Paragon Active Assurance",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "2.35.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.36.2",
"status": "affected",
"version": "2.36",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-31T02:06:20",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11127"
},
{
"name": "FEDORA-2021-761cda0b77",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 2.35.6, 2.36.2, 3.0.0 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11127",
"defect": [
"NF-5939"
],
"discovery": "INTERNAL"
},
"title": "Paragon Active Assurance: Authentication bypass vulnerability in Control Center",
"workarounds": [
{
"lang": "en",
"value": "All \u201cregister-only\u201d users in the system can be removed until software upgrade."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0232",
"STATE": "PUBLIC",
"TITLE": "Paragon Active Assurance: Authentication bypass vulnerability in Control Center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Paragon Active Assurance",
"version": {
"version_data": [
{
"platform": "Paragon Active Assurance Control Center",
"version_affected": "\u003c",
"version_value": "2.35.6"
},
{
"platform": "Paragon Active Assurance Control Center",
"version_affected": "\u003c",
"version_name": "2.36",
"version_value": "2.36.2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11127",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11127"
},
{
"name": "FEDORA-2021-761cda0b77",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 2.35.6, 2.36.2, 3.0.0 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11127",
"defect": [
"NF-5939"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "All \u201cregister-only\u201d users in the system can be removed until software upgrade."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0232",
"datePublished": "2021-04-22T19:37:00.678631Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T23:52:13.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0251 (GCVE-0-2021-0251)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 18:56
VLAI?
EPSS
Summary
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. Continued receipt and processing of these malformed packets will create a sustained Denial of Service (DoS) condition. While the Services PIC is restarting, all PIC services will be bypassed until the Services PIC completes its boot process. An attacker sending these malformed HTTP packets to the device who is not part of the Captive Portal experience is not able to exploit this issue. This issue is not applicable to MX RE-based CPCD platforms. This issue affects: Juniper Networks Junos OS on MX Series 17.3 version 17.3R1 and later versions prior to 17.4 versions 17.4R2-S9, 17.4R3-S2; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect: Juniper Networks Junos OS versions prior to 17.3R1.
Severity ?
8.6 (High)
CWE
- Denial of Service (DoS)
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 17.3R1
(custom)
Affected: 17.3R1 , < 17.3* (custom) Affected: 17.4 , < 17.4R2-S9, 17.4R3-S2 (custom) Affected: 18.1 , < 18.1R3-S9 (custom) Affected: 18.2 , < 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R3-S1 (custom) Affected: 18.4 , < 18.4R3 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3 (custom) Affected: 19.2 , < 19.2R2 (custom) Affected: 19.3 , < 19.3R3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R1",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S9",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S1",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The subscriber management services with the captive portal must be enabled to be vulnerable to this issue. \nExample locations:\n\n [system services subscriber-management]\n [services captive-portal-content-delivery]\n [dynamic-profiles \"profile-name\" services] \n [protocols ppp-service] - i.e. configured with subscriber management services."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. Continued receipt and processing of these malformed packets will create a sustained Denial of Service (DoS) condition. While the Services PIC is restarting, all PIC services will be bypassed until the Services PIC completes its boot process. An attacker sending these malformed HTTP packets to the device who is not part of the Captive Portal experience is not able to exploit this issue. This issue is not applicable to MX RE-based CPCD platforms. This issue affects: Juniper Networks Junos OS on MX Series 17.3 version 17.3R1 and later versions prior to 17.4 versions 17.4R2-S9, 17.4R3-S2; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect: Juniper Networks Junos OS versions prior to 17.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:13",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11144"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S9, 17.4R3-S2, 18.1R3-S9, 18.2R3-S3, 18.3R3-S1, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R2, 19.3R3, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11144",
"defect": [
"1445812"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the captive portal services."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0251",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "\u003e=",
"version_name": "17.3",
"version_value": "17.3R1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"platform": "MX Series",
"version_affected": "!\u003c",
"version_value": "17.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The subscriber management services with the captive portal must be enabled to be vulnerable to this issue. \nExample locations:\n\n [system services subscriber-management]\n [services captive-portal-content-delivery]\n [dynamic-profiles \"profile-name\" services] \n [protocols ppp-service] - i.e. configured with subscriber management services."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. Continued receipt and processing of these malformed packets will create a sustained Denial of Service (DoS) condition. While the Services PIC is restarting, all PIC services will be bypassed until the Services PIC completes its boot process. An attacker sending these malformed HTTP packets to the device who is not part of the Captive Portal experience is not able to exploit this issue. This issue is not applicable to MX RE-based CPCD platforms. This issue affects: Juniper Networks Junos OS on MX Series 17.3 version 17.3R1 and later versions prior to 17.4 versions 17.4R2-S9, 17.4R3-S2; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect: Juniper Networks Junos OS versions prior to 17.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11144",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11144"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S9, 17.4R3-S2, 18.1R3-S9, 18.2R3-S3, 18.3R3-S1, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R2, 19.3R3, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11144",
"defect": [
"1445812"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the captive portal services."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0251",
"datePublished": "2021-04-22T19:37:13.448089Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T18:56:25.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0275 (GCVE-0-2021-0275)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:41
VLAI?
EPSS
Summary
A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S15
(custom)
Affected: 15.1 , < 15.1R7-S6 (custom) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S15",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S6",
"status": "affected",
"version": "15.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D95",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D200",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R7-S7",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S11, 16.2R3",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S2",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S9",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3-S1",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S6, 18.4R2-S4, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S3, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user\u0027s session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:29",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11166"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 16.1R7-S7, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S6, 18.4R2-S4, 18.4R3, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11166",
"defect": [
"1460150"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling J-Web.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to J-Web to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0275",
"STATE": "PUBLIC",
"TITLE": "Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D95"
},
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "\u003c",
"version_name": "16.2",
"version_value": "16.2R2-S11, 16.2R3"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S4, 18.4R3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S1, 19.1R3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user\u0027s session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11166",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11166"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 16.1R7-S7, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S6, 18.4R2-S4, 18.4R3, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11166",
"defect": [
"1460150"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling J-Web.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to J-Web to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0275",
"datePublished": "2021-04-22T19:37:29.087869Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:41:52.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0265 (GCVE-0-2021-0265)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 18:19
VLAI?
EPSS
Summary
An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0.
Severity ?
8.1 (High)
CWE
- Remote Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Contrail Insights |
Affected:
3 , < 3.1.22, 3.2.14, 3.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contrail Insights",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "3.1.22, 3.2.14, 3.3.0",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:22",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11156"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: AppFormix 3.1.22, 3.2.14, 3.3.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11156",
"defect": [
"AP-1330"
],
"discovery": "USER"
},
"title": "Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0265",
"STATE": "PUBLIC",
"TITLE": "Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contrail Insights",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3",
"version_value": "3.1.22, 3.2.14, 3.3.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11156",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11156"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: AppFormix 3.1.22, 3.2.14, 3.3.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11156",
"defect": [
"AP-1330"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0265",
"datePublished": "2021-04-22T19:37:22.989145Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T18:19:35.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0266 (GCVE-0-2021-0266)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 03:13
VLAI?
EPSS
Summary
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.
Severity ?
8.1 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Keys
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 20.2R3
(custom)
Affected: 20.3 , < 20.3R2 (custom) Affected: 20.4 , < 20.4R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"cSRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Keys",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11157"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11157",
"defect": [
"1564611"
],
"discovery": "INTERNAL"
},
"title": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0266",
"STATE": "PUBLIC",
"TITLE": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "cSRX Series",
"version_affected": "\u003c",
"version_value": "20.2R3"
},
{
"platform": "cSRX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"platform": "cSRX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11157",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11157"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11157",
"defect": [
"1564611"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0266",
"datePublished": "2021-04-22T19:37:23.655216Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T03:13:48.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0272 (GCVE-0-2021-0272)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 02:26
VLAI?
EPSS
Summary
A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved.
Severity ?
6.5 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 16.1R1
(custom)
Affected: 17.3 , < 17.3R3-S9 (custom) Affected: 17.4 , < 17.4R3-S2 (custom) Affected: 18.1 , < 18.1R3-S11 (custom) Affected: 18.2 , < 18.2R3-S5 (custom) Affected: 18.3 , < 18.3R3-S3 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S4 (custom) Affected: 19.1 , < 19.1R3-S2 (custom) Affected: 19.2 , < 19.2R3 (custom) Affected: 19.3 , < 19.3R3 (custom) Affected: 19.4 , < 19.4R3 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 16.1R1 , < 16.1* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11163"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/KB32854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S9",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S5",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S4",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue occurs in composite next hop EVPN-VXLAN scenarios, chained-composite-next-hop (CHN) being configured is not a requirement but can still affect EVPN pure type 5 with VXLAN encapsulation deployments.\n\nSee https://kb.juniper.net/KB32854 for further configuration details.\n\n\n # configure access links:\n [interfaces \u003c\u003e unit 0 family ethernet-switching interface-mode trunk]\n [interfaces \u003c\u003e unit 0 family ethernet-switching vlan-members \u003c\u003e]\n ...\n # configure the core link\n [interfaces \u003c\u003e unit 0 family inet address \u003c\u003e]\n \n # configure loopback address\n [interfaces lo0 unit 0 family inet address \u003c\u003e]\n \n # configure IRB\n [interfaces irb unit 1 family inet address \u003c\u003e]\n \n # evpn\n [protocols evpn encapsulation vxlan]\n [protocols evpn extended-vni-list \u003c\u003e]\n [routing-options router-id \u003c\u003e]\n [routing-options autonomous-system 100]\n \n [protocols bgp group pe type internal]\n [protocols bgp group pe local-address \u003c\u003e]\n [protocols bgp group pe family evpn signaling]\n [protocols bgp group pe neighbor \u003c\u003e]\n \n [protocols ospf area 0.0.0.0 interface lo0 passive]\n [protocols ospf area 0.0.0.0 interface \u003c\u003e]\n \n [switch-options route-distinguisher \u003c\u003e]\n [switch-options vrf-target target:1:1]\n [switch-options vtep-source-interface lo0.0]\n \n [vlans \u003c\u003e vlan-id \u003c\u003e]\n [vlans \u003c\u003e vxlan vni \u003c\u003e]\n [vlans \u003c\u003e l3-interface irb.1]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:27",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11163"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/KB32854"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R3-S2, 18.1R3-S11, 18.2R3-S5, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R3, 19.3R3, 19.4R3, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11163",
"defect": [
"1486614"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0272",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: In EVPN-VXLAN scenarios receipt of specific genuine packets by an adjacent attacker will cause a kernel memory leak in FPC."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S2"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S3"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "\u003e=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"platform": "QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016",
"version_affected": "!\u003c",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue occurs in composite next hop EVPN-VXLAN scenarios, chained-composite-next-hop (CHN) being configured is not a requirement but can still affect EVPN pure type 5 with VXLAN encapsulation deployments.\n\nSee https://kb.juniper.net/KB32854 for further configuration details.\n\n\n # configure access links:\n [interfaces \u003c\u003e unit 0 family ethernet-switching interface-mode trunk]\n [interfaces \u003c\u003e unit 0 family ethernet-switching vlan-members \u003c\u003e]\n ...\n # configure the core link\n [interfaces \u003c\u003e unit 0 family inet address \u003c\u003e]\n \n # configure loopback address\n [interfaces lo0 unit 0 family inet address \u003c\u003e]\n \n # configure IRB\n [interfaces irb unit 1 family inet address \u003c\u003e]\n \n # evpn\n [protocols evpn encapsulation vxlan]\n [protocols evpn extended-vni-list \u003c\u003e]\n [routing-options router-id \u003c\u003e]\n [routing-options autonomous-system 100]\n \n [protocols bgp group pe type internal]\n [protocols bgp group pe local-address \u003c\u003e]\n [protocols bgp group pe family evpn signaling]\n [protocols bgp group pe neighbor \u003c\u003e]\n \n [protocols ospf area 0.0.0.0 interface lo0 passive]\n [protocols ospf area 0.0.0.0 interface \u003c\u003e]\n \n [switch-options route-distinguisher \u003c\u003e]\n [switch-options vrf-target target:1:1]\n [switch-options vtep-source-interface lo0.0]\n \n [vlans \u003c\u003e vlan-id \u003c\u003e]\n [vlans \u003c\u003e vxlan vni \u003c\u003e]\n [vlans \u003c\u003e l3-interface irb.1]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11163",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11163"
},
{
"name": "https://kb.juniper.net/KB32854",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB32854"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R3-S2, 18.1R3-S11, 18.2R3-S5, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R3, 19.3R3, 19.4R3, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11163",
"defect": [
"1486614"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0272",
"datePublished": "2021-04-22T19:37:27.674737Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:26:24.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0236 (GCVE-0-2021-0236)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 19:15
VLAI?
EPSS
Summary
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO.
Severity ?
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.4R1
(custom)
Affected: 18.4 , < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S1 (custom) Affected: 20.1 , < 20.1R2, 20.1R3, 20.1R3-EVO (custom) Affected: 20.2 , < 20.2R2, 20.2R3, 20.2R3-EVO (custom) Affected: 20.3 , < 20.3R1-S1, 20.3R2, 20.3R2-EVO (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2, 20.1R3, 20.1R3-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2, 20.2R3, 20.2R3-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1, 20.3R2, 20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp group \u003cgroup-name\u003e family inet6-vpn flow ]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:03",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11131"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1 and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11131",
"defect": [
"1537085"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core.",
"workarounds": [
{
"lang": "en",
"value": "Do not configure \"family inet6-vpn flow\" under BGP if no inet6-vpn routes are required to be received."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0236",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "18.4R1"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2, 20.1R3, 20.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2, 20.2R3, 20.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S1, 20.3R2, 20.3R2-EVO"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "18.4R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3-EVO",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp group \u003cgroup-name\u003e family inet6-vpn flow ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11131",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11131"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1 and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11131",
"defect": [
"1537085"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not configure \"family inet6-vpn flow\" under BGP if no inet6-vpn routes are required to be received."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0236",
"datePublished": "2021-04-22T19:37:03.319394Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T19:15:47.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0264 (GCVE-0-2021-0264)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 20:37
VLAI?
EPSS
Summary
A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
Severity ?
5.9 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 19.3R1
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/TSB17931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S2, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"PTX10003, PTX10008"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of a vulnerable configuration is shown below:\n\n user@router\u003eshow configuration firewall family inet filter protect-re | display set\n set firewall family inet filter protect-re term reject-everything-else then count discard-counter\n set firewall family inet filter protect-re term reject-everything-else then syslog\n set firewall family inet filter protect-re term reject-everything-else then discard"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. \u0027term \u003cname\u003e then syslog\u0027), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:22",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/TSB17931"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11155",
"defect": [
"1559174"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured",
"workarounds": [
{
"lang": "en",
"value": "Remove the \"syslog\" action from the firewall filter configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0264",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "19.3R1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S2, 20.2R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "PTX10003, PTX10008",
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of a vulnerable configuration is shown below:\n\n user@router\u003eshow configuration firewall family inet filter protect-re | display set\n set firewall family inet filter protect-re term reject-everything-else then count discard-counter\n set firewall family inet filter protect-re term reject-everything-else then syslog\n set firewall family inet filter protect-re term reject-everything-else then discard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. \u0027term \u003cname\u003e then syslog\u0027), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11155",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11155"
},
{
"name": "https://kb.juniper.net/TSB17931",
"refsource": "MISC",
"url": "https://kb.juniper.net/TSB17931"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11155",
"defect": [
"1559174"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Remove the \"syslog\" action from the firewall filter configuration."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0264",
"datePublished": "2021-04-22T19:37:22.213763Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T20:37:12.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0250 (GCVE-0-2021-0250)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:20
VLAI?
EPSS
Summary
In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO.
Severity ?
7.5 (High)
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.4R1 , < unspecified
(custom)
Affected: 17.4 , < 17.4R2-S6, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S7 (custom) Affected: 18.2 , < 18.2R2-S6, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2-S3, 18.3R3 (custom) Affected: 18.4 , < 18.4R1-S5, 18.4R2-S3, 18.4R3 (custom) Affected: 19.1 , < 19.1R1-S4, 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S3, 19.2R2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "17.4R1",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S6, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S7",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S6, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S3, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R2-EVO",
"status": "affected",
"version": "19.2-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue requires a SRTE topology using BGP with BGP Monitoring Protocol to be enabled. \nFor example: \n [routing-options bmp]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:12",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11143"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S6, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11143",
"defect": [
"1442721"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD",
"workarounds": [
{
"lang": "en",
"value": "Disable BGP monitoring protocol until a fix can be applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0250",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "17.4R1"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S6, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.2-EVO",
"version_value": "19.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue requires a SRTE topology using BGP with BGP Monitoring Protocol to be enabled. \nFor example: \n [routing-options bmp]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11143",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11143"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S6, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11143",
"defect": [
"1442721"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable BGP monitoring protocol until a fix can be applied."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0250",
"datePublished": "2021-04-22T19:37:12.802278Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:20:57.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0234 (GCVE-0-2021-0234)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 03:52
VLAI?
EPSS
Summary
Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, as CPU bound packets will be throttled and dropped in the PFE when the limits are exceeded. To check if the device has this issue, the administrator can execute the following command to monitor the status of DDoS protection: user@device> show ddos-protection protocols error: the ddos-protection subsystem is not running This issue affects only QFX5100-96S devices. No other products or platforms are affected by this issue. This issue affects: Juniper Networks Junos OS on QFX5100-96S: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R3, 19.1R3-S4; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2;
Severity ?
5.8 (Medium)
CWE
- Denial of Service (DoS)
- CWE-665 - Improper Initialization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3 , < 17.3R3-S10
(custom)
Affected: 17.4 , < 17.4R3-S4 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R2-S4, 18.4R3-S1 (custom) Affected: 19.1 , < 19.1R3, 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R2 (custom) Affected: 19.3 , < 19.3R3 (custom) Affected: 19.4 , < 19.4R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:09.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5100-96S"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S10",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S4, 18.4R3-S1",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The DDoS feature is enabled by default, there is no specific config stanza required to enable DDoS protection."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, as CPU bound packets will be throttled and dropped in the PFE when the limits are exceeded. To check if the device has this issue, the administrator can execute the following command to monitor the status of DDoS protection: user@device\u003e show ddos-protection protocols error: the ddos-protection subsystem is not running This issue affects only QFX5100-96S devices. No other products or platforms are affected by this issue. This issue affects: Juniper Networks Junos OS on QFX5100-96S: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R3, 19.1R3-S4; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2;"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11129"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S10, 17.4R3-S4, 18.1R3-S10, 18.2R3-S3, 18.3R3-S2, 18.4R2-S4, 18.4R3-S1, 19.1R3, 19.1R3-S4, 19.2R2, 19.3R3, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11129",
"defect": [
"1486480"
],
"discovery": "USER"
},
"title": "Junos OS: QFX5100-96S: DDoS protection does not work as expected.",
"workarounds": [
{
"lang": "en",
"value": "The following command can be used to enable ddos-protection manually:\nroot@device% /usr/sbin/jddosd -N \u0026"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0234",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5100-96S: DDoS protection does not work as expected."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S10"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S4"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S2"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S4, 18.4R3-S1"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3, 19.1R3-S4"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"platform": "QFX5100-96S",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The DDoS feature is enabled by default, there is no specific config stanza required to enable DDoS protection."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, as CPU bound packets will be throttled and dropped in the PFE when the limits are exceeded. To check if the device has this issue, the administrator can execute the following command to monitor the status of DDoS protection: user@device\u003e show ddos-protection protocols error: the ddos-protection subsystem is not running This issue affects only QFX5100-96S devices. No other products or platforms are affected by this issue. This issue affects: Juniper Networks Junos OS on QFX5100-96S: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R3, 19.1R3-S4; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2;"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11129",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11129"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S10, 17.4R3-S4, 18.1R3-S10, 18.2R3-S3, 18.3R3-S2, 18.4R2-S4, 18.4R3-S1, 19.1R3, 19.1R3-S4, 19.2R2, 19.3R3, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11129",
"defect": [
"1486480"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "The following command can be used to enable ddos-protection manually:\nroot@device% /usr/sbin/jddosd -N \u0026"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0234",
"datePublished": "2021-04-22T19:37:02.020328Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T03:52:53.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0263 (GCVE-0-2021-0263)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 20:13
VLAI?
EPSS
Summary
A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. The following logs/alarms will be observed when this condition exists: user@junos> show chassis alarms 2 alarms currently active Alarm time Class Description 2020-10-11 04:33:45 PDT Minor Potential slow peers are: MSP(FPC1-PIC0) MSP(FPC3-PIC0) MSP(FPC4-PIC0) Logs: Oct 11 04:33:44.672 2020 test /kernel: rts_peer_cp_recv_timeout : Bit set for msp8 as it is stuck Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: Error in parsing composite nexthop Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: composite nexthop parsing error Oct 11 04:43:05 2020 test /kernel: rt_pfe_veto: Possible slowest client is msp38. States processed - 65865741. States to be processed - 0 Oct 11 04:55:55 2020 test /kernel: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (8311787520) Current delayed unref = (60000), Current unique delayed unref = (10896), Max delayed unref on this platform = (40000) Current delayed weight unref = (71426) Max delayed weight unref on this platform= (400000) curproc = rpd Oct 11 04:56:00 2020 test /kernel: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 This issue only affects PTX Series devices. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on PTX Series: 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1.
Severity ?
5.9 (Medium)
CWE
- CWE-19 - Data Processing Errors
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.2R1
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"PTX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of flow monitoring configuration is shown below:\n\n flow-monitoring {\n version-ipfix {\n template NETFLOW_IPV4_TEMPLATE {\n flow-active-timeout 600;\n flow-inactive-timeout 10;\n ipv4-template;\n }\n template NETFLOW_IPV6_TEMPLATE {\n flow-active-timeout 600;\n flow-inactive-timeout 10;\n ipv6-template;\n }\n }\n }\n\ncombined with:\n\n forwarding-options :{\n sampling {\n ...\n }\n }"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device \u003e show krt state ... Number of async queue entries: 65007 \u003c--- this value keep on increasing. The following logs/alarms will be observed when this condition exists: user@junos\u003e show chassis alarms 2 alarms currently active Alarm time Class Description 2020-10-11 04:33:45 PDT Minor Potential slow peers are: MSP(FPC1-PIC0) MSP(FPC3-PIC0) MSP(FPC4-PIC0) Logs: Oct 11 04:33:44.672 2020 test /kernel: rts_peer_cp_recv_timeout : Bit set for msp8 as it is stuck Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: Error in parsing composite nexthop Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: composite nexthop parsing error Oct 11 04:43:05 2020 test /kernel: rt_pfe_veto: Possible slowest client is msp38. States processed - 65865741. States to be processed - 0 Oct 11 04:55:55 2020 test /kernel: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (8311787520) Current delayed unref = (60000), Current unique delayed unref = (10896), Max delayed unref on this platform = (40000) Current delayed weight unref = (71426) Max delayed weight unref on this platform= (400000) curproc = rpd Oct 11 04:56:00 2020 test /kernel: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 This issue only affects PTX Series devices. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on PTX Series: 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-19",
"description": "CWE-19 Data Processing Errors",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:21",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.2R3-S7, 18.3R3-S4, 18.4R2-S8, 18.4R3-S7, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11154",
"defect": [
"1546143"
],
"discovery": "USER"
},
"title": "Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled",
"workarounds": [
{
"lang": "en",
"value": "Deactivation of the sampling configuration under the chassis hierarchy will mitigate this issue:\n\n deactivate chassis fpc \u003cx\u003e sampling-instance \u003cx\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0263",
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "18.2R1"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S7"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8, 18.4R3-S7"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"platform": "PTX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of flow monitoring configuration is shown below:\n\n flow-monitoring {\n version-ipfix {\n template NETFLOW_IPV4_TEMPLATE {\n flow-active-timeout 600;\n flow-inactive-timeout 10;\n ipv4-template;\n }\n template NETFLOW_IPV6_TEMPLATE {\n flow-active-timeout 600;\n flow-inactive-timeout 10;\n ipv6-template;\n }\n }\n }\n\ncombined with:\n\n forwarding-options :{\n sampling {\n ...\n }\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device \u003e show krt state ... Number of async queue entries: 65007 \u003c--- this value keep on increasing. The following logs/alarms will be observed when this condition exists: user@junos\u003e show chassis alarms 2 alarms currently active Alarm time Class Description 2020-10-11 04:33:45 PDT Minor Potential slow peers are: MSP(FPC1-PIC0) MSP(FPC3-PIC0) MSP(FPC4-PIC0) Logs: Oct 11 04:33:44.672 2020 test /kernel: rts_peer_cp_recv_timeout : Bit set for msp8 as it is stuck Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: Error in parsing composite nexthop Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: composite nexthop parsing error Oct 11 04:43:05 2020 test /kernel: rt_pfe_veto: Possible slowest client is msp38. States processed - 65865741. States to be processed - 0 Oct 11 04:55:55 2020 test /kernel: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (8311787520) Current delayed unref = (60000), Current unique delayed unref = (10896), Max delayed unref on this platform = (40000) Current delayed weight unref = (71426) Max delayed weight unref on this platform= (400000) curproc = rpd Oct 11 04:56:00 2020 test /kernel: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 This issue only affects PTX Series devices. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on PTX Series: 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-19 Data Processing Errors"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11154",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11154"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.2R3-S7, 18.3R3-S4, 18.4R2-S8, 18.4R3-S7, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11154",
"defect": [
"1546143"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Deactivation of the sampling configuration under the chassis hierarchy will mitigate this issue:\n\n deactivate chassis fpc \u003cx\u003e sampling-instance \u003cx\u003e"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0263",
"datePublished": "2021-04-22T19:37:21.547569Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T20:13:21.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0259 (GCVE-0-2021-0259)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 17:48
VLAI?
EPSS
Summary
Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO.
Severity ?
7.4 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3 , < 17.3R3-S11
(custom)
Affected: 17.4 , < 17.4R3-S5 (custom) Affected: 18.1 , < 18.1R3-S13 (custom) Affected: 18.2 , < 18.2R2-S8, 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R1-S8, 18.4R2-S6, 18.4R3-S6 (custom) Affected: 19.1 , < 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S1 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 20.2 , < 20.2R2 (custom) Affected: 20.3 , < 20.3R1-S2, 20.3R2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S8, 18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX5220"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of a configuration affected by this issue is shown below:\n\n routing-instance evpn10 {\n vtep-source-interface lo0.0;\n instance-type evpn;\n vlan-id 10;\n interface xe-0/0/2.10;\n vxlan {\n vni 10;\n }\n route-distinguisher 10.255.181.13:10;\n vrf-target target:10:10;\n protocols {\n evpn;\n }\n }"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:18",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11150"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S11, 17.4R3-S5, 18.1R3-S13, 18.2R2-S8, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11150",
"defect": [
"1499681"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0259",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S8, 18.2R3-S8"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "QFX5220",
"version_affected": "\u003c",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of a configuration affected by this issue is shown below:\n\n routing-instance evpn10 {\n vtep-source-interface lo0.0;\n instance-type evpn;\n vlan-id 10;\n interface xe-0/0/2.10;\n vxlan {\n vni 10;\n }\n route-distinguisher 10.255.181.13:10;\n vrf-target target:10:10;\n protocols {\n evpn;\n }\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11150",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11150"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S11, 17.4R3-S5, 18.1R3-S13, 18.2R2-S8, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11150",
"defect": [
"1499681"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0259",
"datePublished": "2021-04-22T19:37:18.777052Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:48:16.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0271 (GCVE-0-2021-0271)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 16:59
VLAI?
EPSS
Summary
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.
Severity ?
6.5 (Medium)
CWE
- Denial of Service (DoS)
- CWE-415 - Double Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S17
(custom)
Affected: 15.1 , < 15.1R7-S8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S17",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S8",
"status": "affected",
"version": "15.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:26",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11162"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 12.3R12-S17, 15.1R7-S8, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11162",
"defect": [
"1497768"
],
"discovery": "USER"
},
"title": "Junos OS: EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series: Receipt of a crafted ARP packet by an adjacent attacker will cause the sfid process to core.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0271",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series: Receipt of a crafted ARP packet by an adjacent attacker will cause the sfid process to core."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series",
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S17"
},
{
"platform": "EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S8"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11162",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11162"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 12.3R12-S17, 15.1R7-S8, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11162",
"defect": [
"1497768"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0271",
"datePublished": "2021-04-22T19:37:27.039777Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T16:59:14.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0239 (GCVE-0-2021-0239)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 17:49
VLAI?
EPSS
Summary
In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.
Severity ?
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 20.4R1-EVO
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:09.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:05",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11134"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11134",
"defect": [
"1548758"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0239",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11134",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11134"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11134",
"defect": [
"1548758"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0239",
"datePublished": "2021-04-22T19:37:05.415854Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:49:30.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0245 (GCVE-0-2021-0245)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 17:58
VLAI?
EPSS
Summary
A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and later versions; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affected Junos OS releases prior to 16.1R1 or all 19.2R3 and 19.4R3 release versions.
Severity ?
7.8 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
16.1 , < 16.1R7-S7
(custom)
Affected: 17.1 , < 17.1R2-S12, 17.1R3-S2 (custom) Affected: 17.2 , < 17.2R3-S4 (custom) Affected: 17.3 , < 17.3R3-S8 (custom) Affected: 17.4 , < 17.4R2-S10 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R1-S6, 18.4R2-S4, 18.4R3-S1 (custom) Affected: 19.1 , < 19.1R1-S5, 19.1R2-S1, 19.1R3 (custom) Affected: 19.2 , < 19.2R1-S4, 19.2R2 (custom) Affected: 19.3 , < 19.3R2-S5, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S1, 19.4R2 (custom) Affected: 20.1 , < 20.1R1-S1, 20.1R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R7-S7",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S12, 17.1R3-S2",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S4",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.4R3",
"status": "affected"
}
],
"lessThan": "17.4R2-S10",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S4, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S6, 18.4R2-S4, 18.4R3-S1",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S4, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S5, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S1, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S1, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and later versions; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affected Junos OS releases prior to 16.1R1 or all 19.2R3 and 19.4R3 release versions."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:09",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11138"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 16.1R7-S7, 17.1R2-S12, 17.1R3-S2, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S4, 18.3R3-S2, 18.4R1-S6, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S5, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1-S1, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11138",
"defect": [
"1420426"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authenticated attacker to elevate their privileges.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0245",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authenticated attacker to elevate their privileges."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S12, 17.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10"
},
{
"version_affected": "\u003e=",
"version_name": "17.4",
"version_value": "17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S4, 18.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S1, 19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S1, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and later versions; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affected Junos OS releases prior to 16.1R1 or all 19.2R3 and 19.4R3 release versions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11138",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11138"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 16.1R7-S7, 17.1R2-S12, 17.1R3-S2, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S4, 18.3R3-S2, 18.4R1-S6, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S5, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1-S1, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11138",
"defect": [
"1420426"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0245",
"datePublished": "2021-04-22T19:37:09.449425Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:58:19.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0262 (GCVE-0-2021-0262)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:51
VLAI?
EPSS
Summary
Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 19.1R3
(custom)
Unaffected: 19.3 Unaffected: 20.2R2 , < unspecified (custom) Affected: 19.1R3-S1 , < 19.1* (custom) Unaffected: 19.2 , < 19.2R2 (custom) Affected: 20.2 , < 20.2R1-S2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX10002-60C"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "19.3"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "20.2R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.1R3-S3",
"status": "unaffected"
}
],
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R3-S1",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.2R2",
"status": "affected"
},
{
"at": "19.2R3-S1",
"status": "unaffected"
}
],
"lessThan": "19.2R2",
"status": "unaffected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:20",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11153"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S3, 19.2R3-S1, 20.2R1-S2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11153",
"defect": [
"1519453"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: QFX10002-60C: Use after free vulnerability found during static code analysis",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0262",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX10002-60C: Use after free vulnerability found during static code analysis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX10002-60C",
"version_affected": "!\u003c",
"version_value": "19.1R3"
},
{
"platform": "QFX10002-60C",
"version_affected": "\u003e=",
"version_name": "19.1",
"version_value": "19.1R3-S1"
},
{
"platform": "QFX10002-60C",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S3"
},
{
"platform": "QFX10002-60C",
"version_affected": "!\u003c",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "QFX10002-60C",
"version_affected": "\u003e=",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "QFX10002-60C",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"platform": "QFX10002-60C",
"version_affected": "!",
"version_value": "19.3"
},
{
"platform": "QFX10002-60C",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S2"
},
{
"platform": "QFX10002-60C",
"version_affected": "!\u003e=",
"version_value": "20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11153",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11153"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S3, 19.2R3-S1, 20.2R1-S2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11153",
"defect": [
"1519453"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0262",
"datePublished": "2021-04-22T19:37:20.806105Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:51:26.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0268 (GCVE-0-2021-0268)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 01:36
VLAI?
EPSS
Summary
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.1R1
(custom)
Affected: 18.1 , < 18.1R3-S11 (custom) Affected: 18.2 , < 18.2R3-S5 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S3 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S3 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S2 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R2 (custom) Affected: 19.3 , < 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S3, 19.4R2, 19.4R3 (custom) Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom) |
Credits
The Juniper SIRT wishes to thank Luca Ercoli for responsibly reporting one of the issues resolved in this update.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S5",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"credits": [
{
"lang": "en",
"value": "The Juniper SIRT wishes to thank Luca Ercoli for responsibly reporting one of the issues resolved in this update."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-02T10:29:42",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11159"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R3, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11159",
"defect": [
"1503569"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the J-Web service.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0268",
"STATE": "PUBLIC",
"TITLE": "Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"credit": [
{
"lang": "eng",
"value": "The Juniper SIRT wishes to thank Luca Ercoli for responsibly reporting one of the issues resolved in this update."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11159",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11159"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R3, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11159",
"defect": [
"1503569"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling the J-Web service.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0268",
"datePublished": "2021-04-22T19:37:24.958647Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:36:26.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0249 (GCVE-0-2021-0249)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 22:02
VLAI?
EPSS
Summary
On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. This issue affects: Juniper Networks Junos OS on SRX Series: 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9; 17.4R3 and later versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S1; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. An indicator of compromise can be the following text in the UTM log: RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT:
Severity ?
8.1 (High)
CWE
- Remote Code Execution
- Remote Command Execution
- Local Code Execution
- Local Command Execution
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
15.1X49 , < 15.1X49-D190
(custom)
Affected: 17.4 , < 17.4R2-S9 (custom) Affected: 18.1 , < 18.1R3-S9 (custom) Affected: 18.2 , < 18.2R3-S1 (custom) Affected: 18.3 , < 18.3R2-S3, 18.3R3 (custom) Affected: 18.4 , < 18.4R2-S3, 18.4R3 (custom) Affected: 19.1 , < 19.1R1-S4, 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S1, 19.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X49-D190",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.4R3",
"status": "affected"
}
],
"lessThan": "17.4R2-S9",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S9",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S1",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S3, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S1, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required to be potentially exposed to this issue: \n [security utm]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. This issue affects: Juniper Networks Junos OS on SRX Series: 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9; 17.4R3 and later versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S1; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. An indicator of compromise can be the following text in the UTM log: RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT:"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Remote Command Execution",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Local Code Execution",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Local Command Execution",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:12",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11142"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D190, 17.4R2-S9, 18.1R3-S9, 18.2R3-S1, 18.3R2-S3, 18.3R3, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11142",
"defect": [
"1441366"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue other than disabling UTM services."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0249",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D190"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9"
},
{
"platform": "SRX Series",
"version_affected": "\u003e=",
"version_name": "17.4",
"version_value": "17.4R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S3, 18.3R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S3, 18.4R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S1, 19.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is required to be potentially exposed to this issue: \n [security utm]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. This issue affects: Juniper Networks Junos OS on SRX Series: 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9; 17.4R3 and later versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S1; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. An indicator of compromise can be the following text in the UTM log: RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT:"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Remote Command Execution"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Local Code Execution"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Local Command Execution"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11142",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11142"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X49-D190, 17.4R2-S9, 18.1R3-S9, 18.2R3-S1, 18.3R2-S3, 18.3R3, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11142",
"defect": [
"1441366"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue other than disabling UTM services."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0249",
"datePublished": "2021-04-22T19:37:12.102136Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:02:18.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0237 (GCVE-0-2021-0237)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 02:56
VLAI?
EPSS
Summary
On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2;
Severity ?
6.5 (Medium)
CWE
- 754 - Improper Check for Unusual or Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
15.1 , < 15.1R7-S9
(custom)
Affected: 17.3 , < 17.3R3-S11 (custom) Affected: 17.4 , < 17.4R2-S13, 17.4R3-S4, 17.4R3-S5 (custom) Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R2-S7, 18.4R3-S6 (custom) Affected: 19.1 , < 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S1 (custom) Affected: 19.3 , < 19.3R3-S1 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S1 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 20.2 , < 20.2R2, 20.2R3 (custom) Affected: 20.3 , < 20.3R1-S2, 20.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S4, 17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S7, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the configuration stanza affected by this issue is as follows:\n\n [protocols l2circuit neighbor \u003caddress\u003e interface \u003cinterface-name\u003e]\n\nused together with\n [protocols mpls interface \u003cinterface-name\u003e]\nor\n [protocols ospf area \u003carea-id\u003e interface \u003cinterface-name\u003e]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2;"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "754 - Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:03",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11132"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 17.4R3-S5, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11132",
"defect": [
"1528409"
],
"discovery": "USER"
},
"title": "Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0237",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S9"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S4, 17.4R3-S5"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S7, 18.4R3-S6"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S1"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2, 20.2R3"
},
{
"platform": "EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the configuration stanza affected by this issue is as follows:\n\n [protocols l2circuit neighbor \u003caddress\u003e interface \u003cinterface-name\u003e]\n\nused together with\n [protocols mpls interface \u003cinterface-name\u003e]\nor\n [protocols ospf area \u003carea-id\u003e interface \u003cinterface-name\u003e]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2;"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "754 - Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11132",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11132"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 17.4R3-S5, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11132",
"defect": [
"1528409"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0237",
"datePublished": "2021-04-22T19:37:04.064508Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:56:55.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0253 (GCVE-0-2021-0253)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 22:20
VLAI?
EPSS
Summary
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S2. 19.4 versions 19.4R3 and above. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020.
Severity ?
7.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
- 20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.3R3-S4
(custom)
Affected: 17.2R1 , < 17.2* (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S5 (custom) Affected: 19.1 , < 19.1R1-S3 (custom) Affected: 19.1R2 , < 19.2* (custom) Affected: 19.3 , < 19.3R3 (custom) Affected: 19.4 , < 19.4R2-S2 (custom) |
|||||||
|
|||||||||
Credits
Cyrille CHATRAS from Orange group
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-vrf9-cjcp-rwcr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"NFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.2*",
"status": "affected",
"version": "17.2R1",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S5",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.2R3",
"status": "unaffected"
}
],
"lessThan": "19.2*",
"status": "affected",
"version": "19.1R2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R3",
"status": "affected"
}
],
"lessThan": "19.4R2-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "There is no specific software configuration required to be affected by this issue on affected platforms and products."
}
],
"credits": [
{
"lang": "en",
"value": "Cyrille CHATRAS from Orange group"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S2. 19.4 versions 19.4R3 and above. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "20 - Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T19:43:59",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-vrf9-cjcp-rwcr"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R3-S4, 18.4R2-S5, 18.4R3-S5, 19.1R3-S3, 19.2R3, 19.3R3, 19.4R2-S2, 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11146",
"defect": [
"1452431"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0253",
"STATE": "PUBLIC",
"TITLE": "Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX Series",
"version_affected": "\u003e=",
"version_name": "17.2",
"version_value": "17.2R1"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_value": "18.3R3-S4"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S5"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S3"
},
{
"platform": "NFX Series",
"version_affected": "\u003e=",
"version_name": "19.2",
"version_value": "19.1R2"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2"
},
{
"platform": "NFX Series",
"version_affected": "\u003e",
"version_name": "19.4",
"version_value": "19.4R3"
},
{
"version_affected": "!\u003c",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "There is no specific software configuration required to be affected by this issue on affected platforms and products."
}
],
"credit": [
{
"lang": "eng",
"value": "Cyrille CHATRAS from Orange group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S2. 19.4 versions 19.4R3 and above. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "20 - Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11146",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11146"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-vrf9-cjcp-rwcr",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-vrf9-cjcp-rwcr"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R3-S4, 18.4R2-S5, 18.4R3-S5, 19.1R3-S3, 19.2R3, 19.3R3, 19.4R2-S2, 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11146",
"defect": [
"1452431"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0253",
"datePublished": "2021-04-22T19:37:14.772975Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:20:29.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0252 (GCVE-0-2021-0252)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 01:35
VLAI?
EPSS
Summary
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020.
Severity ?
7.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.1R1 , < 18.1*
(custom)
Affected: 18.2 , < 18.2R3-S5 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S3 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S4 (custom) Affected: 19.1 , < 19.1R1-S3, 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R2 (custom) |
|||||||
|
|||||||||
Credits
Loic RESTOUX from Orange group
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11145"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-gr7j-26pv-5v57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"NFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1*",
"status": "affected",
"version": "18.1R1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S5",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S4",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S3, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "There is no specific software configuration required to be affected by this issue on affected platforms and products."
}
],
"credits": [
{
"lang": "en",
"value": "Loic RESTOUX from Orange group"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T19:27:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11145"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-gr7j-26pv-5v57"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R1-S3, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11145",
"defect": [
"1452147"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for these issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0252",
"STATE": "PUBLIC",
"TITLE": "Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX Series",
"version_affected": "\u003e=",
"version_name": "18.1",
"version_value": "18.1R1"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "There is no specific software configuration required to be affected by this issue on affected platforms and products."
}
],
"credit": [
{
"lang": "eng",
"value": "Loic RESTOUX from Orange group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11145",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11145"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-gr7j-26pv-5v57",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-gr7j-26pv-5v57"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R1-S3, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11145",
"defect": [
"1452147"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for these issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0252",
"datePublished": "2021-04-22T19:37:14.078190Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:35:56.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0243 (GCVE-0-2021-0243)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:51
VLAI?
EPSS
Summary
Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos> monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) <<<< egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) <<<< ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) <<<< egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) <<<< ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2.
Severity ?
4.7 (Medium)
CWE
- CWE-241 - Improper Handling of Unexpected Data Type
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 17.3R3-S10
(custom)
Affected: 17.4 , < 17.4R3-S3 (custom) Affected: 18.1 , < 18.1R3-S11 (custom) Affected: 18.2 , < 18.2R3-S6 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R3-S6 (custom) Affected: 19.1 , < 19.1R3-S3 (custom) Affected: 19.2 , < 19.2R3-S1 (custom) Affected: 19.3 , < 19.3R3-S1 (custom) Affected: 19.4 , < 19.4R3 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 20.2 , < 20.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX4300"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A sample affected firewall policer configuration is shown below:\n\n set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input TEST-Policer\n set firewall family ethernet-switching filter TEST-Policer term 1 from ip-source-address 10.1.1.0/24\n set firewall family ethernet-switching filter TEST-Policer term 1 then accept\n set firewall family ethernet-switching filter TEST-Policer term 1 then policer TEST-Policer-Bandwidth\n set firewall policer TEST-Policer-Bandwidth if-exceeding bandwidth-limit 50k\n set firewall policer TEST-Policer-Bandwidth if-exceeding burst-size-limit 1500\n set firewall policer TEST-Policer-Bandwidth then discard"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos\u003e monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) \u003c\u003c\u003c\u003c egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) \u003c\u003c\u003c\u003c ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) \u003c\u003c\u003c\u003c egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) \u003c\u003c\u003c\u003c ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-241",
"description": "CWE-241 Improper Handling of Unexpected Data Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:07",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11136"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S10, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S3, 19.2R3-S1, 19.3R3-S1, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11136",
"defect": [
"1532670"
],
"discovery": "USER"
},
"title": "Junos OS: EX4300: Stateless firewall policer fails to discard traffic",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0243",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300: Stateless firewall policer fails to discard traffic"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_value": "17.3R3-S10"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S3"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S6"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S3"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "EX4300",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "A sample affected firewall policer configuration is shown below:\n\n set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input TEST-Policer\n set firewall family ethernet-switching filter TEST-Policer term 1 from ip-source-address 10.1.1.0/24\n set firewall family ethernet-switching filter TEST-Policer term 1 then accept\n set firewall family ethernet-switching filter TEST-Policer term 1 then policer TEST-Policer-Bandwidth\n set firewall policer TEST-Policer-Bandwidth if-exceeding bandwidth-limit 50k\n set firewall policer TEST-Policer-Bandwidth if-exceeding burst-size-limit 1500\n set firewall policer TEST-Policer-Bandwidth then discard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos\u003e monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) \u003c\u003c\u003c\u003c egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) \u003c\u003c\u003c\u003c ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) \u003c\u003c\u003c\u003c egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) \u003c\u003c\u003c\u003c ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-241 Improper Handling of Unexpected Data Type"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11136",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11136"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S10, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S3, 19.2R3-S1, 19.3R3-S1, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11136",
"defect": [
"1532670"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0243",
"datePublished": "2021-04-22T19:37:08.073257Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:51:52.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0244 (GCVE-0-2021-0244)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 19:56
VLAI?
EPSS
Summary
A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configured with Virtual Chassis configurations, and more frequently on devices configured in Virtual Chassis configurations. This issue is not specific to any particular Junos OS platform. An Indicator of Compromise (IoC) may be seen by reviewing log files for the following error message seen by executing the following show statement: show log messages | grep storm Result to look for: /kernel: GENCFG: op 58 (Storm Control Blob) failed; err 1 (Unknown) This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49 on EX Series; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D191, 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.
Severity ?
7.4 (High)
CWE
- 364 - Signal Handler Race Condition
- Denial of Service (DoS)
- Absence of a specific protection mechanism to avoid a race condition.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
14.1X53 , < 14.1X53-D49
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "14.1X53-D49",
"status": "affected",
"version": "14.1X53",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S6",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S7",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S11, 16.2R3",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R2-S8, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S5",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S6, 18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S5, 18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X49-D191, 15.1X49-D200",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Devices configured with storm control may be impacted. To review if a device is configured with storm control, refer to the command structure under: \n show storm_cntl profile \n\nExamples of of storm control configurations follow: \n\nFor Enhanced Layer 2 Software (ELS) release:\n\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n\n [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n [ethernet-switching-options storm-control interface all]\n\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html for reference)\n\nRefer to your specific product guides and the Junos OS Security Services Administration Guide for further information located at https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/system-basics/security-services.html"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configured with Virtual Chassis configurations, and more frequently on devices configured in Virtual Chassis configurations. This issue is not specific to any particular Junos OS platform. An Indicator of Compromise (IoC) may be seen by reviewing log files for the following error message seen by executing the following show statement: show log messages | grep storm Result to look for: /kernel: GENCFG: op 58 (Storm Control Blob) failed; err 1 (Unknown) This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49 on EX Series; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D191, 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "364 - Signal Handler Race Condition",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Absence of a specific protection mechanism to avoid a race condition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:08",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11137"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D49, 15.1R7-S6, 15.1X49-D191, 15.1X49-D200, 15.1X53-D592, 16.1R7-S7, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3, 17.2R2-S8, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S5, 18.2R2-S6, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11137",
"defect": [
"1403424"
],
"discovery": "USER"
},
"title": "Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than rebooting the device and monitoring for the Indicator of Compromise (IoC). Once the condition is cleared from the log files - the absence of the error message indicates the condition has cleared - the device is not exploitable to the situation, and the actions taken which lead to the IoC being present should not be taken again, until a fixed release can be applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0244",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "14.1X53",
"version_value": "14.1X53-D49"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D191, 15.1X49-D200"
},
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "\u003c",
"version_name": "16.2",
"version_value": "16.2R2-S11, 16.2R3"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Devices configured with storm control may be impacted. To review if a device is configured with storm control, refer to the command structure under: \n show storm_cntl profile \n\nExamples of of storm control configurations follow: \n\nFor Enhanced Layer 2 Software (ELS) release:\n\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n\n [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n [ethernet-switching-options storm-control interface all]\n\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html for reference)\n\nRefer to your specific product guides and the Junos OS Security Services Administration Guide for further information located at https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/system-basics/security-services.html"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configured with Virtual Chassis configurations, and more frequently on devices configured in Virtual Chassis configurations. This issue is not specific to any particular Junos OS platform. An Indicator of Compromise (IoC) may be seen by reviewing log files for the following error message seen by executing the following show statement: show log messages | grep storm Result to look for: /kernel: GENCFG: op 58 (Storm Control Blob) failed; err 1 (Unknown) This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49 on EX Series; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D191, 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "364 - Signal Handler Race Condition"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Absence of a specific protection mechanism to avoid a race condition."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11137",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11137"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D49, 15.1R7-S6, 15.1X49-D191, 15.1X49-D200, 15.1X53-D592, 16.1R7-S7, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3, 17.2R2-S8, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S5, 18.2R2-S6, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11137",
"defect": [
"1403424"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than rebooting the device and monitoring for the Indicator of Compromise (IoC). Once the condition is cleared from the log files - the absence of the error message indicates the condition has cleared - the device is not exploitable to the situation, and the actions taken which lead to the IoC being present should not be taken again, until a fixed release can be applied."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0244",
"datePublished": "2021-04-22T19:37:08.716154Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T19:56:59.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0269 (GCVE-0-2021-0269)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 01:12
VLAI?
EPSS
Summary
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2.
Severity ?
8.8 (High)
CWE
- CWE-233 - Improper Handling of Parameters
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 17.4R3-S3
(custom)
Affected: 18.1 , < 18.1R3-S12 (custom) Affected: 18.2 , < 18.2R3-S6 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R3-S6 (custom) Affected: 19.1 , < 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R3-S1 (custom) Affected: 19.3 , < 19.3R3-S1 (custom) Affected: 19.4 , < 19.4R2-S2, 19.4R3 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 20.2 , < 20.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.4R3-S3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web\u0027s normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233: Improper Handling of Parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:25",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11160"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S3, 18.1R3-S12, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11160",
"defect": [
"1501588"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks.",
"workarounds": [
{
"lang": "en",
"value": "To reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts. \n\nAccess the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access.\n\nAlternatively, disable J-Web."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0269",
"STATE": "PUBLIC",
"TITLE": "Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "17.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web\u0027s normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-233: Improper Handling of Parameters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11160",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11160"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S3, 18.1R3-S12, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11160",
"defect": [
"1501588"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "To reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts. \n\nAccess the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access.\n\nAlternatively, disable J-Web."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0269",
"datePublished": "2021-04-22T19:37:25.649841Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:12:12.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0267 (GCVE-0-2021-0267)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 03:54
VLAI?
EPSS
Summary
An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved.
Severity ?
7.4 (High)
CWE
- CWE-20 - Improper Input Validation
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
19.4 , < 19.4R3-S1
(custom)
Affected: 20.1 , < 20.1R2-S1, 20.1R3 (custom) Affected: 20.2 , < 20.2R3 (custom) Affected: 20.3 , < 20.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11158"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/ref/statement/active-leasequery-edit-forwarding-options.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S1, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue requires active-lease query with none or greater optional settings to be configured in one or more hierarchy locations.\n\n active-leasequery {\n idle-timeout \"seconds\"; (optional)\n peer-address \"address\"; (optional)\n timeout \"seconds\"; (optional)\n topology-discover; (optional)\n }\n\nwith\n\n [forwarding-options dhcp-relay],\n [forwarding-options dhcp-relay dhcpv6],\n [logical-systems logical-system-name ...],\n [logical-systems logical-system-name routing-instances routing-instance-name ...],\n [routing-instances routing-instance-name ...]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD\u0027s DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:24",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11158"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/ref/statement/active-leasequery-edit-forwarding-options.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11158",
"defect": [
"1534814"
],
"discovery": "USER"
},
"title": "Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0267",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S1, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue requires active-lease query with none or greater optional settings to be configured in one or more hierarchy locations.\n\n active-leasequery {\n idle-timeout \"seconds\"; (optional)\n peer-address \"address\"; (optional)\n timeout \"seconds\"; (optional)\n topology-discover; (optional)\n }\n\nwith\n\n [forwarding-options dhcp-relay],\n [forwarding-options dhcp-relay dhcpv6],\n [logical-systems logical-system-name ...],\n [logical-systems logical-system-name routing-instances routing-instance-name ...],\n [routing-instances routing-instance-name ...]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD\u0027s DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11158",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11158"
},
{
"name": "https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/ref/statement/active-leasequery-edit-forwarding-options.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/ref/statement/active-leasequery-edit-forwarding-options.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11158",
"defect": [
"1534814"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0267",
"datePublished": "2021-04-22T19:37:24.295896Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T03:54:44.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0254 (GCVE-0-2021-0254)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 20:11
VLAI?
EPSS
Summary
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.
Severity ?
9.8 (Critical)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
15.1 , < 15.1R7-S9
(custom)
Affected: 17.3 , < 17.3R3-S11 (custom) Affected: 17.4 , < 17.4R2-S13, 17.4R3-S4 (custom) Affected: 18.1 , < 18.1R3-S12 (custom) Affected: 18.2 , < 18.2R2-S8, 18.2R3-S7 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S1 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S1 (custom) Affected: 20.1 , < 20.1R2-S1, 20.1R3 (custom) Affected: 20.2 , < 20.2R2, 20.2R2-S1, 20.2R3 (custom) Affected: 20.3 , < 20.3R1-S1 (custom) |
Credits
Juniper SIRT would like to acknowledge and thank Hoàng Thạch Nguyễn (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S8, 18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S1, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2, 20.2R2-S1, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "There is no minimum configuration required to be vulnerable to this issue."
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11147"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D240, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.4R1, and all subsequent releases.\n\nThis fix has also been proactively committed into other releases that might not be vulnerable to this issue."
}
],
"source": {
"advisory": "JSA11147",
"defect": [
"1548415"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: Remote code execution vulnerability in overlayd service",
"workarounds": [
{
"lang": "en",
"value": "Two methods exist to mitigate this issue:\n\n1. Limit the exploitable attack surface of critical infrastructure networking equipment by using access lists or firewall filters to limit access to the device via UDP only from trusted, administrative networks or hosts.\n\n2. Disable Overlay OAM packet via the configuration command: \u0027set system processes overlay-ping-traceroute disable\u0027"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0254",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Remote code execution vulnerability in overlayd service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S8, 18.2R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S1, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2, 20.2R2-S1, 20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "There is no minimum configuration required to be vulnerable to this issue."
}
],
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131 Incorrect Calculation of Buffer Size"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11147",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11147"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D240, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.4R1, and all subsequent releases.\n\nThis fix has also been proactively committed into other releases that might not be vulnerable to this issue."
}
],
"source": {
"advisory": "JSA11147",
"defect": [
"1548415"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Two methods exist to mitigate this issue:\n\n1. Limit the exploitable attack surface of critical infrastructure networking equipment by using access lists or firewall filters to limit access to the device via UDP only from trusted, administrative networks or hosts.\n\n2. Disable Overlay OAM packet via the configuration command: \u0027set system processes overlay-ping-traceroute disable\u0027"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0254",
"datePublished": "2021-04-22T19:37:15.413042Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T20:11:30.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0238 (GCVE-0-2021-0238)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 23:46
VLAI?
EPSS
Summary
When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device> show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount <<<<< running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs This issue affects Juniper Networks Junos OS on MX Series: 17.3R1 and later versions prior to 17.4R3-S5, 18.1 versions prior to 18.1R3-S13, 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1.
Severity ?
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3R1 , < 17.3*
(custom)
Affected: 17.4 , < 17.4R3-S5 (custom) Affected: 18.1 , < 18.1R3-S13 (custom) Affected: 18.2 , < 18.2R3-S7 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R3-S7 (custom) Affected: 19.1 , < 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S2 (custom) Affected: 20.1 , < 20.1R3 (custom) Affected: 20.2 , < 20.2R2-S3, 20.2R3 (custom) Affected: 20.3 , < 20.3R2 (custom) Affected: 20.4 , < 20.4R1-S1, 20.4R2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R1",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S3, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R1-S1, 20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device\u003e show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount \u003c\u003c\u003c\u003c\u003c running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs This issue affects Juniper Networks Junos OS on MX Series: 17.3R1 and later versions prior to 17.4R3-S5, 18.1 versions prior to 18.1R3-S13, 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:04",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11133"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.1R3-S13, 18.2R3-S7, 18.3R3-S4, 18.4R3-S7, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1-S1, 20.4R2, 21.1R1, and all subsequent releases.\n\nIf impacted, issue is recoverable after restarting the jl2tpd daemon:\n user@device\u003e restart l2tp-universal-edge"
}
],
"source": {
"advisory": "JSA11133",
"defect": [
"1537772"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the CLI only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0238",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "\u003e=",
"version_name": "17.3",
"version_value": "17.3R1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S7"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S7"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S3, 20.2R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R1-S1, 20.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "17.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device\u003e show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount \u003c\u003c\u003c\u003c\u003c running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs This issue affects Juniper Networks Junos OS on MX Series: 17.3R1 and later versions prior to 17.4R3-S5, 18.1 versions prior to 18.1R3-S13, 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11133",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11133"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.1R3-S13, 18.2R3-S7, 18.3R3-S4, 18.4R3-S7, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1-S1, 20.4R2, 21.1R1, and all subsequent releases.\n\nIf impacted, issue is recoverable after restarting the jl2tpd daemon:\n user@device\u003e restart l2tp-universal-edge"
}
],
"source": {
"advisory": "JSA11133",
"defect": [
"1537772"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the CLI only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0238",
"datePublished": "2021-04-22T19:37:04.706563Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T23:46:05.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0235 (GCVE-0-2021-0235)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 02:36
VLAI?
EPSS
Summary
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.
Severity ?
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.3R1 , < 18.3*
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:09.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R1",
"versionType": "custom"
},
{
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S1, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R1, 20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:02",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11130"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11130",
"defect": [
"1537491"
],
"discovery": "USER"
},
"title": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0235",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2",
"version_affected": "\u003e=",
"version_name": "18.3",
"version_value": "18.3R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003e=",
"version_name": "18.4",
"version_value": "18.4R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003e=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2, 20.1R3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S1, 20.2R3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R1, 20.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11130",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11130"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11130",
"defect": [
"1537491"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0235",
"datePublished": "2021-04-22T19:37:02.659805Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:36:59.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0248 (GCVE-0-2021-0248)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 22:09
VLAI?
EPSS
Summary
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.
Severity ?
10 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.1R1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"NFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:11",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11141"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11141",
"defect": [
"1441248"
],
"discovery": "INTERNAL"
},
"title": "NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the device\u0027s administrative interfaces to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0248",
"STATE": "PUBLIC",
"TITLE": "NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX Series",
"version_affected": "\u003c",
"version_value": "19.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11141",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11141"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11141",
"defect": [
"1441248"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the device\u0027s administrative interfaces to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0248",
"datePublished": "2021-04-22T19:37:11.465999Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:09:18.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0233 (GCVE-0-2021-0233)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 18:14
VLAI?
EPSS
Summary
A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.4 , < 17.4R3-S2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX500 Series, ACX4000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-794",
"description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11128"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11128",
"defect": [
"1465802"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0233",
"STATE": "PUBLIC",
"TITLE": "Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX500 Series, ACX4000 Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11128",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11128"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11128",
"defect": [
"1465802"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0233",
"datePublished": "2021-04-22T19:37:01.321596Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T18:14:29.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0260 (GCVE-0-2021-0260)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 01:06
VLAI?
EPSS
Summary
An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.
Severity ?
7.3 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 17.2R1
(custom)
Affected: 17.2R1 , < 17.2* (custom) Affected: 17.3 , < 17.3R3-S9 (custom) Affected: 17.4 , < 17.4R2-S12, 17.4R3-S5 (custom) Affected: 18.1 , < 18.1R3-S13 (custom) Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R1-S8, 18.4R2-S5, 18.4R3 (custom) Affected: 19.1 , < 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R2 (custom) Affected: 19.3 , < 19.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.2*",
"status": "affected",
"version": "17.2R1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S9",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S5, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Devices configured with any version of SNMP, regardless of configuration statements or authentication methods are vulnerable to this issue.\nIf the following minimal configuration is present, the device is vulnerable to exploitation:\n [snmp]\n [system management-instance]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:19",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11151"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R2-S12, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S5, 18.4R3, 19.1R2, 19.2R1-S6, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11151",
"defect": [
"1458057"
],
"discovery": "USER"
},
"title": "Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests.",
"workarounds": [
{
"lang": "en",
"value": "The following workaround command will disable SNMP support for the mgmt_junos routing interface and protect the device from being exploited:\n\n # set snmp disable-mgmt-junos-support"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0260",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "17.2",
"version_value": "17.2R1"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S5, 18.4R3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Devices configured with any version of SNMP, regardless of configuration statements or authentication methods are vulnerable to this issue.\nIf the following minimal configuration is present, the device is vulnerable to exploitation:\n [snmp]\n [system management-instance]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11151",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11151"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R2-S12, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S5, 18.4R3, 19.1R2, 19.2R1-S6, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11151",
"defect": [
"1458057"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "The following workaround command will disable SNMP support for the mgmt_junos routing interface and protect the device from being exploited:\n\n # set snmp disable-mgmt-junos-support"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0260",
"datePublished": "2021-04-22T19:37:19.523229Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:06:17.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…