Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-526
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.4.1 antérieures à 8.4.1R19 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, | ||
| Juniper Networks | N/A | Juniper Networks Contrail Cloud versions antérieures à 13.6.0 | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.6.0 antérieures à 8.6.0R4 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.5.0 antérieures à 8.5.0R10 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks SBR Carrier versions 8.4.1 ant\u00e9rieures \u00e0 8.4.1R19",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 13.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions 8.6.0 ant\u00e9rieures \u00e0 8.6.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions 8.5.0 ant\u00e9rieures \u00e0 8.5.0R10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0285"
},
{
"name": "CVE-2021-0279",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0279"
},
{
"name": "CVE-2021-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0287"
},
{
"name": "CVE-2021-0278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0278"
},
{
"name": "CVE-2021-0280",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0280"
},
{
"name": "CVE-2021-0282",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0282"
},
{
"name": "CVE-2017-1087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1087"
},
{
"name": "CVE-2018-6925",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6925"
},
{
"name": "CVE-2019-8936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8936"
},
{
"name": "CVE-2021-0276",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0276"
},
{
"name": "CVE-2021-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0286"
},
{
"name": "CVE-2021-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0289"
},
{
"name": "CVE-2021-0277",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0277"
},
{
"name": "CVE-2021-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0290"
},
{
"name": "CVE-2021-0281",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0281"
},
{
"name": "CVE-2021-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0288"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11191 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11191\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11183 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11183\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11192 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11192\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11181 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11181\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11178 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11178\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11180 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11180\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11187 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11187\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11188 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11188\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11179 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11179\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11185 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11185\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11184 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11184\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11190 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11190\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11189 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11189\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11177 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11177\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11186 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11186\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11182 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11182\u0026cat=SIRT_1\u0026actp=LIST"
}
],
"reference": "CERTFR-2021-AVI-526",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes les produits Juniper.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11183 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11187 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11189 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11188 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11192 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11191 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11177 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11186 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11179 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11182 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11180 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11181 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11178 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11185 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11190 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11184 du 14 juillet 2021",
"url": null
}
]
}
CVE-2017-1087 (GCVE-0-2017-1087)
Vulnerability from cvelistv5 – Published: 2017-11-16 20:00 – Updated: 2024-09-16 23:11
VLAI
EPSS
Summary
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101867 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039810 | vdb-entryx_refsource_SECTRACK |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisoryx_refsource_FREEBSD |
Date Public
2017-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 10.x"
}
]
}
],
"datePublic": "2017-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T10:57:01.000Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "101867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 10.x"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2017-1087",
"datePublished": "2017-11-16T20:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:12.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6925 (GCVE-0-2018-6925)
Vulnerability from cvelistv5 – Published: 2018-09-28 13:00 – Updated: 2024-09-17 00:26
VLAI
EPSS
Summary
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-E… | x_refsource_CONFIRM |
| https://www.flexera.com/company/secunia-research/… | x_refsource_MISC |
Impacted products
Date Public
2018-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "11.2 before 11.2-RELEASE-p4"
},
{
"status": "affected",
"version": "11.1 before 11.1-RELEASE-p15"
},
{
"status": "affected",
"version": "10.x before 10.4-RELEASE-p13"
}
]
}
],
"datePublic": "2018-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T20:57:01.000Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-6925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "11.2 before 11.2-RELEASE-p4"
},
{
"version_value": "11.1 before 11.1-RELEASE-p15"
},
{
"version_value": "10.x before 10.4-RELEASE-p13"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc"
},
{
"name": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html",
"refsource": "MISC",
"url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-6925",
"datePublished": "2018-09-28T13:00:00.000Z",
"dateReserved": "2018-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:16.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8936 (GCVE-0-2019-8936)
Vulnerability from cvelistv5 – Published: 2019-05-15 15:37 – Updated: 2024-08-04 21:31
VLAI
EPSS
Summary
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-15 | vendor-advisoryx_refsource_GENTOO |
| http://support.ntp.org/bin/view/Main/SecurityNotice | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2019050… | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://seclists.org/bugtraq/2019/May/39 | mailing-listx_refsource_BUGTRAQ |
| http://bugs.ntp.org/show_bug.cgi?id=3565 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/152915/FreeB… | x_refsource_MISC |
| https://support.f5.com/csp/article/K61363039 | x_refsource_CONFIRM |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4563-1/ | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190503-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"name": "https://support.f5.com/csp/article/K61363039",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4563-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8936",
"datePublished": "2019-05-15T15:37:31.000Z",
"dateReserved": "2019-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0276 (GCVE-0-2021-0276)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-16 19:00
VLAI
EPSS
Title
Steel-Belted Radius Carrier Edition: Remote code execution vulnerability when EAP Authentication is configured.
Summary
A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11180 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | SBR Carrier |
Affected:
8.4.1 , < 8.4.1R19
(custom)
Affected: 8.5.0 , < 8.5.0R10 (custom) Affected: 8.6.0 , < 8.6.0R4 (custom) |
Date Public
2021-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SBR Carrier",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "8.4.1R19",
"status": "affected",
"version": "8.4.1",
"versionType": "custom"
},
{
"lessThan": "8.5.0R10",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"lessThan": "8.6.0R4",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue affects SBR Carrier with EAP authentication configured only when using Enhanced EAP Logging and TraceLevel setting of 2.\n\n \u003cSBR_Installed_Directory\u003e/JNPRsbr/radius/radius.ini\n [Logging]\n LogLevel=2\n TraceLevel=2\n EnhancedEAPLogging = yes"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:45.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11180"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 8.4.1R19, 8.5.0R10, 8.6.0R4 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11180",
"defect": [
"1465201"
],
"discovery": "USER"
},
"title": "Steel-Belted Radius Carrier Edition: Remote code execution vulnerability when EAP Authentication is configured.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0276",
"STATE": "PUBLIC",
"TITLE": "Steel-Belted Radius Carrier Edition: Remote code execution vulnerability when EAP Authentication is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SBR Carrier",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.4.1",
"version_value": "8.4.1R19"
},
{
"version_affected": "\u003c",
"version_name": "8.5.0",
"version_value": "8.5.0R10"
},
{
"version_affected": "\u003c",
"version_name": "8.6.0",
"version_value": "8.6.0R4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue affects SBR Carrier with EAP authentication configured only when using Enhanced EAP Logging and TraceLevel setting of 2.\n\n \u003cSBR_Installed_Directory\u003e/JNPRsbr/radius/radius.ini\n [Logging]\n LogLevel=2\n TraceLevel=2\n EnhancedEAPLogging = yes"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11180",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11180"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 8.4.1R19, 8.5.0R10, 8.6.0R4 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11180",
"defect": [
"1465201"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0276",
"datePublished": "2021-07-15T20:00:45.706Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:00:01.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0277 (GCVE-0-2021-0277)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-16 18:29
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd
Summary
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO.
Severity
8.8 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11181 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S18
(custom)
Affected: 15.1 , < 15.1R7-S9 (custom) Affected: 17.3 , < 17.3R3-S12 (custom) Affected: 17.4 , < 17.4R2-S13, 17.4R3-S5 (custom) Affected: 18.1 , < 18.1R3-S13 (custom) Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R2-S8, 18.4R3-S8 (custom) Affected: 19.1 , < 19.1R3-S5 (custom) Affected: 19.2 , < 19.2R3-S3 (custom) Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R1-S4, 19.4R2-S4, 19.4R3-S3 (custom) Affected: 20.1 , < 20.1R2-S2, 20.1R3 (custom) Affected: 20.2 , < 20.2R3-S1 (custom) Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom) Affected: 20.4 , < 20.4R2 (custom) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 20.4R2-EVO
(custom)
|
Date Public
2021-07-14 00:00
Credits
The Juniper SIRT would like to acknowledge and thank Qian Chen from the Codesafe Team of Legendsec at the Qi'anxin Group.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S18",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S12",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8, 18.4R3-S8",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S1",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-S1, 20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled. For example:\n\n [protocols lldp]"
}
],
"credits": [
{
"lang": "en",
"value": "The Juniper SIRT would like to acknowledge and thank Qian Chen from the Codesafe Team of Legendsec at the Qi\u0027anxin Group."
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:47.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11181"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 12.3R12-S18, 15.1R7-S9, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R2, 20.4R3, 21.1R1, 21.1R2, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11181",
"defect": [
"1569312"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd",
"workarounds": [
{
"lang": "en",
"value": "1. Configure the device to not load the L2CPD daemon using the following CLI config stanza.\n\n set system processes l2cpd-service disable\n\nAdditional protocols L2CPD daemon supports include RSTP, MSTP, VSTP, ERP, xSTP and ERP protocols. After issuing set system processes l2cpd-service disable, RSTP, MSTP, VSTP, ERP, xSTP and ERP protocols will cease to operate. Please note, this is not an exhaustive list, disabling L2CPD may affect other protocols and services that rely upon L2CPD daemon to be present. For example, L2ALD, MRVP, EVPN traffic, etc. may also cease to operate. To avoid downtime, customers considering applying this workaround should carefully test all workaround changes to their environment in a non-production environment first that mirrors or as closely as possible matches the production environment before applying to the production environment.\n\n2. Configure target interfaces on the device to disable LLDP packet processing:\n \n set protocols lldp interface \u003cinterface name\u003e disable\n\n3. On Switching platforms such as EX/QFX Series devices implement packet filters to discard LLDP packets with an EtherType of 0x88cc.\n\nFor example:\n\n set firewall family ethernet-switching filter LLDP_EXAMPLE term 1 from ether-type 0x88cc\n set firewall family ethernet-switching filter LLDP_EXAMPLE term 1 then discard\n \nWorkaround #3 does not work on MX Series devices. MX Series devices should disable LLDP processing, filter off-system, or upgrade to a fixed release.\n \n4. Lastly, as a method to reduce the risk of exploitation for this vulnerability, customers may implement off-system IDP and/or Firewall filtering methods such as disallowing LLDP EtherType to propagate completely on local segments, or by filtering broadcast addressed LLDP packets or unicast addressed LLDP packets not originated from trusted sources targeted to trusted destinations.\n\nAdditionally, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device via all means to only trusted, administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0277",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S18"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8, 18.4R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-S1, 20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled. For example:\n\n [protocols lldp]"
}
],
"credit": [
{
"lang": "eng",
"value": "The Juniper SIRT would like to acknowledge and thank Qian Chen from the Codesafe Team of Legendsec at the Qi\u0027anxin Group."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11181",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11181"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 12.3R12-S18, 15.1R7-S9, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R2, 20.4R3, 21.1R1, 21.1R2, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11181",
"defect": [
"1569312"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "1. Configure the device to not load the L2CPD daemon using the following CLI config stanza.\n\n set system processes l2cpd-service disable\n\nAdditional protocols L2CPD daemon supports include RSTP, MSTP, VSTP, ERP, xSTP and ERP protocols. After issuing set system processes l2cpd-service disable, RSTP, MSTP, VSTP, ERP, xSTP and ERP protocols will cease to operate. Please note, this is not an exhaustive list, disabling L2CPD may affect other protocols and services that rely upon L2CPD daemon to be present. For example, L2ALD, MRVP, EVPN traffic, etc. may also cease to operate. To avoid downtime, customers considering applying this workaround should carefully test all workaround changes to their environment in a non-production environment first that mirrors or as closely as possible matches the production environment before applying to the production environment.\n\n2. Configure target interfaces on the device to disable LLDP packet processing:\n \n set protocols lldp interface \u003cinterface name\u003e disable\n\n3. On Switching platforms such as EX/QFX Series devices implement packet filters to discard LLDP packets with an EtherType of 0x88cc.\n\nFor example:\n\n set firewall family ethernet-switching filter LLDP_EXAMPLE term 1 from ether-type 0x88cc\n set firewall family ethernet-switching filter LLDP_EXAMPLE term 1 then discard\n \nWorkaround #3 does not work on MX Series devices. MX Series devices should disable LLDP processing, filter off-system, or upgrade to a fixed release.\n \n4. Lastly, as a method to reduce the risk of exploitation for this vulnerability, customers may implement off-system IDP and/or Firewall filtering methods such as disallowing LLDP EtherType to propagate completely on local segments, or by filtering broadcast addressed LLDP packets or unicast addressed LLDP packets not originated from trusted sources targeted to trusted destinations.\n\nAdditionally, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device via all means to only trusted, administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0277",
"datePublished": "2021-07-15T20:00:47.440Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:22.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0278 (GCVE-0-2021-0278)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-17 03:37
VLAI
EPSS
Title
Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.
Summary
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
Severity
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
- Privilege Escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11182 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 19.3R1
(custom)
Affected: 19.3R1 , < 19.3* (custom) Affected: 19.4 , < 19.4R3-S5 (custom) Affected: 20.1 , < 20.1R2-S2, 20.1R3-S1 (custom) Affected: 20.2 , < 20.2R3-S2 (custom) Affected: 20.3 , < 20.3R3 (custom) Affected: 20.4 , < 20.4R2-S1, 20.4R3 (custom) Affected: 21.1 , < 21.1R1-S1, 21.1R2 (custom) |
Date Public
2021-07-14 00:00
Credits
The Juniper SIRT wishes to thank Luca Ercoli regarding PR 1511853
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.3R2-S6, 19.3R3-S3",
"status": "unaffected"
}
],
"lessThan": "19.3*",
"status": "affected",
"version": "19.3R1",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S5",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S1, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R1-S1, 21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"credits": [
{
"lang": "en",
"value": "The Juniper SIRT wishes to thank Luca Ercoli regarding PR 1511853"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, a proof-of-concept exploit does exist in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:48.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11182"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R2-S6, 19.3R3-S3, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\n\nIn addition to the above fixed releases, for the following not-affected releases additional security enhancements were included in Junos OS 18.3R3-S5, 18.4R3-S9, 19.1R3-S6 as a result of resolving this issue."
}
],
"source": {
"advisory": "JSA11182",
"defect": [
"1592021",
"1511853"
],
"discovery": "USER"
},
"title": "Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling J-Web. \n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0278",
"STATE": "PUBLIC",
"TITLE": "Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "19.3",
"version_value": "19.3R1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S1, 20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is necessary: \n\n [system services web-management http]\nor\n [system services web-management https]"
}
],
"credit": [
{
"lang": "eng",
"value": "The Juniper SIRT wishes to thank Luca Ercoli regarding PR 1511853"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, a proof-of-concept exploit does exist in the wild."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11182",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11182"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R2-S6, 19.3R3-S3, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\n\nIn addition to the above fixed releases, for the following not-affected releases additional security enhancements were included in Junos OS 18.3R3-S5, 18.4R3-S9, 19.1R3-S6 as a result of resolving this issue."
}
],
"source": {
"advisory": "JSA11182",
"defect": [
"1592021",
"1511853"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue other than disabling J-Web. \n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0278",
"datePublished": "2021-07-15T20:00:49.075Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:49.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0279 (GCVE-0-2021-0279)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-17 01:06
VLAI
EPSS
Title
Contrail Cloud: Hardcoded credentials for RabbitMQ service
Summary
Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.
Severity
8.6 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11183 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Contrail Cloud |
Affected:
unspecified , < 13.6.0
(custom)
|
Date Public
2021-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contrail Cloud",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "13.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:50.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11183"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases.\n\nWhen installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible:\na) You may set a non-default password using the config/vault-data.yml file.\nb) Or following configuration should be added to the CC site.yml file:\n\n extra_config:\n ContrailAnalyticsParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n ContrailControllerParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nContact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary."
}
],
"source": {
"advisory": "JSA11183",
"defect": [
"CC-773"
],
"discovery": "USER"
},
"title": "Contrail Cloud: Hardcoded credentials for RabbitMQ service",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue with a fresh installation of Contrail Cloud version prior to 13.6.0, the following configuration options should be added to the CC site.yml file.\n\n extra_config:\n ContrailAnalyticsParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n ContrailControllerParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nPlease contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.\n\nUntil a fresh installation or upgrade is possible, to reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0279",
"STATE": "PUBLIC",
"TITLE": "Contrail Cloud: Hardcoded credentials for RabbitMQ service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contrail Cloud",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "13.6.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11183",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11183"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases.\n\nWhen installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible:\na) You may set a non-default password using the config/vault-data.yml file.\nb) Or following configuration should be added to the CC site.yml file:\n\n extra_config:\n ContrailAnalyticsParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n ContrailControllerParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nContact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary."
}
],
"source": {
"advisory": "JSA11183",
"defect": [
"CC-773"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "To mitigate this issue with a fresh installation of Contrail Cloud version prior to 13.6.0, the following configuration options should be added to the CC site.yml file.\n\n extra_config:\n ContrailAnalyticsParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n ContrailControllerParameters:\n ContrailSettings:\n RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nPlease contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.\n\nUntil a fresh installation or upgrade is possible, to reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0279",
"datePublished": "2021-07-15T20:00:50.653Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:06:11.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0280 (GCVE-0-2021-0280)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-16 22:40
VLAI
EPSS
Title
Junos OS: PTX Series, QFX10K Series: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine
Summary
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series.
Severity
7.5 (High)
CWE
- CWE-665 - Improper Initialization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11184 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.4 , < 17.4R3-S5
(custom)
Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R2-S8 (custom) Affected: 19.1 , < 19.1R3-S5 (custom) Affected: 19.2 , < 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R3-S2 (custom) Affected: 20.1 , < 20.1R3 (custom) Affected: 20.2 , < 20.2R2-S3, 20.2R3 (custom) Affected: 20.3 , < 20.3R2, 20.3R3 (custom) Affected: 20.4 , < 20.4R2 (custom) |
Date Public
2021-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX Series, QFX10K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S3, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2, 20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n\n [system ddos-protection global]\n [system ddos-protection protocols]"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:52.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11184"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.4R3-S5, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 19.1R3-S5, 19.2R3-S2, 19.3R3-S2, 19.4R3-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11184",
"defect": [
"1564807"
],
"discovery": "USER"
},
"title": "Junos OS: PTX Series, QFX10K Series: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine",
"workarounds": [
{
"lang": "en",
"value": "The default ukern policer rate can be reduced by the CLI command:\n set system ddos-protection protocols \u003cprotocol-group\u003e \u003caggregate | packet-type\u003e bandwidth \u003cpackets-per-second\u003e burst \u003csize\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0280",
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX Series, QFX10K Series: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S2"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S2"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S3, 20.2R3"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2, 20.3R3"
},
{
"platform": "PTX Series, QFX10K Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n\n [system ddos-protection global]\n [system ddos-protection protocols]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11184",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11184"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.4R3-S5, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 19.1R3-S5, 19.2R3-S2, 19.3R3-S2, 19.4R3-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11184",
"defect": [
"1564807"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "The default ukern policer rate can be reduced by the CLI command:\n set system ddos-protection protocols \u003cprotocol-group\u003e \u003caggregate | packet-type\u003e bandwidth \u003cpackets-per-second\u003e burst \u003csize\u003e"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0280",
"datePublished": "2021-07-15T20:00:52.242Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:40:56.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0281 (GCVE-0-2021-0281)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-16 18:08
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI
Summary
On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO.
Severity
5.9 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11185 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3 , < 17.3R3-S12
(custom)
Affected: 17.4 , < 17.4R3-S5 (custom) Affected: 18.1 , < 18.1R3-S13 (custom) Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R2-S8, 18.4R3-S8 (custom) Affected: 19.1 , < 19.1R3-S5 (custom) Affected: 19.2 , < 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S3 (custom) Affected: 20.1 , < 20.1R3 (custom) Affected: 20.2 , < 20.2R3 (custom) Affected: 20.3 , < 20.3R2 (custom) Affected: 20.4 , < 20.4R2 (custom) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
All , < 20.4R2-S2-EVO
(custom)
|
Date Public
2021-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S12",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8, 18.4R3-S8",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S2-EVO",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The config stanza affected by this issue:\n [ routing-options validation group \u003cgroup-name\u003e session \u003cIP address\u003e ]"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:53.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11185"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 17.3R3-S12, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R2-S4, 19.4R3-S3, 20.1R3, 20.2R3, 20.3R2, 20.4R2, 21.1R1 and all subsequent releases.\n\nJunos OS Evolved: 20.4R2-S2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11185",
"defect": [
"1556207"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0281",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8, 18.4R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "20.4R2-S2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The config stanza affected by this issue:\n [ routing-options validation group \u003cgroup-name\u003e session \u003cIP address\u003e ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11185",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11185"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 17.3R3-S12, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R2-S4, 19.4R3-S3, 20.1R3, 20.2R3, 20.3R2, 20.4R2, 21.1R1 and all subsequent releases.\n\nJunos OS Evolved: 20.4R2-S2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11185",
"defect": [
"1556207"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0281",
"datePublished": "2021-07-15T20:00:53.845Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:46.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0282 (GCVE-0-2021-0282)
Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-16 19:35
VLAI
EPSS
Title
Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled
Summary
On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3;
Severity
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11186 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S18
(custom)
Affected: 15.1 , < 15.1R7-S9 (custom) Affected: 17.3 , < 17.3R3-S11 (custom) Affected: 17.4 , < 17.4R2-S13, 17.4R3-S4 (custom) Affected: 18.1 , < 18.1R3-S12 (custom) Affected: 18.2 , < 18.2R3-S7 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R2-S6, 18.4R3-S6 (custom) Affected: 19.1 , < 19.1R3-S3 (custom) |
Date Public
2021-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S18",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S6, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp multipath ]\n [ protocols bgp group \u003cgroup-name\u003e multipath ] \nor\n [ protocols bgp group \u003cgroup-name\u003e family \u003cfamily\u003e add-path ]"
}
],
"datePublic": "2021-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3;"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:55.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11186"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S18, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R3-S7, 18.3R3-S4, 18.4R2-S6, 18.4R3-S6, 19.1R3-S3, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11186",
"defect": [
"1412977"
],
"discovery": "USER"
},
"title": "Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled",
"workarounds": [
{
"lang": "en",
"value": "BGP Multipath or add-path features can be disabled to mitigate this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0282",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S18"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S6, 18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp multipath ]\n [ protocols bgp group \u003cgroup-name\u003e multipath ] \nor\n [ protocols bgp group \u003cgroup-name\u003e family \u003cfamily\u003e add-path ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3;"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11186",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11186"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S18, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R3-S7, 18.3R3-S4, 18.4R2-S6, 18.4R3-S6, 19.1R3-S3, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11186",
"defect": [
"1412977"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "BGP Multipath or add-path features can be disabled to mitigate this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0282",
"datePublished": "2021-07-15T20:00:55.392Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:35:43.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…