Vulnerability-Lookup

BDU:2021-00993

Vulnerability from fstec - Published: 13.01.2021

Title

Уязвимость профиля Storm Control операционной системы Junos маршрутизаторов серий EX и QFX5K, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость профиля Storm Control операционной системы Junos маршрутизаторов серий EX и QFX5K связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

от 17.4 до 17.4R2-S11 (JunOS), от 18.2 до 18.2R3-S5 (JunOS), от 18.3 до 18.3R2-S4 (JunOS), от 18.4 до 18.4R2-S5 (JunOS), от 19.1 до 19.1R3-S2 (JunOS), от 19.2 до 19.2R1-S5 (JunOS), от 19.2 до 19.2R3 (JunOS), от 19.3 до 19.3R2-S4 (JunOS), от 19.3 до 19.3R3 (JunOS), от 19.4 до 19.4R1-S3 (JunOS), от 19.4 до 19.4R2-S1 (JunOS), от 19.4 до 19.4R3 (JunOS), от 20.1 до 20.1R2 (JunOS), от 15.1 до 15.1R7-S7 (JunOS), от 16.1 до 16.1R7-S8 (JunOS), от 17.2 до 17.2R3-S4 (JunOS), от 17.3 до 17.3R3-S8 (JunOS), от 17.4 до 17.4R3-S2 (JunOS), от 18.1 до 18.1R3-S10 (JunOS), от 18.3 до 18.3R3-S2 (JunOS), от 18.4 до 18.4R3-S3 (JunOS), от 19.1 до 19.1R2-S2 (JunOS), от 19.2 до 19.2R2-S1 (JunOS), от 20.1 до 20.1R1-S2 (JunOS)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11093&cat=SIRT_1&actp=LIST

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11093&cat=SIRT_1&actp=LIST https://kb.juniper.net/JSA11093

CWE

CWE-794

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 17.4 \u0434\u043e 17.4R2-S11 (JunOS), \u043e\u0442 18.2 \u0434\u043e 18.2R3-S5 (JunOS), \u043e\u0442 18.3 \u0434\u043e 18.3R2-S4 (JunOS), \u043e\u0442 18.4 \u0434\u043e 18.4R2-S5 (JunOS), \u043e\u0442 19.1 \u0434\u043e 19.1R3-S2 (JunOS), \u043e\u0442 19.2 \u0434\u043e 19.2R1-S5 (JunOS), \u043e\u0442 19.2 \u0434\u043e 19.2R3 (JunOS), \u043e\u0442 19.3 \u0434\u043e 19.3R2-S4 (JunOS), \u043e\u0442 19.3 \u0434\u043e 19.3R3 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R1-S3 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R2-S1 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R3 (JunOS), \u043e\u0442 20.1 \u0434\u043e 20.1R2 (JunOS), \u043e\u0442 15.1 \u0434\u043e 15.1R7-S7 (JunOS), \u043e\u0442 16.1 \u0434\u043e 16.1R7-S8 (JunOS), \u043e\u0442 17.2 \u0434\u043e 17.2R3-S4 (JunOS), \u043e\u0442 17.3 \u0434\u043e 17.3R3-S8 (JunOS), \u043e\u0442 17.4 \u0434\u043e 17.4R3-S2 (JunOS), \u043e\u0442 18.1 \u0434\u043e 18.1R3-S10 (JunOS), \u043e\u0442 18.3 \u0434\u043e 18.3R3-S2 (JunOS), \u043e\u0442 18.4 \u0434\u043e 18.4R3-S3 (JunOS), \u043e\u0442 19.1 \u0434\u043e 19.1R2-S2 (JunOS), \u043e\u0442 19.2 \u0434\u043e 19.2R2-S1 (JunOS), \u043e\u0442 20.1 \u0434\u043e 20.1R1-S2 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11093\u0026cat=SIRT_1\u0026actp=LIST",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.02.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00993",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-0203",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R2-S11 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.2 \u0434\u043e 18.2R3-S5 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R2-S4 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R2-S5 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.1 \u0434\u043e 19.1R3-S2 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R1-S5 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R3 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R2-S4 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R1-S3 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2-S1 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R3 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 20.1 \u0434\u043e 20.1R2 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R3 EX series, Juniper Networks Inc. JunOS \u043e\u0442 20.1 \u0434\u043e 20.1R2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 15.1 \u0434\u043e 15.1R7-S7 EX series, Juniper Networks Inc. JunOS \u043e\u0442 16.1 \u0434\u043e 16.1R7-S8 EX series, Juniper Networks Inc. JunOS \u043e\u0442 17.2 \u0434\u043e 17.2R3-S4 EX series, Juniper Networks Inc. JunOS \u043e\u0442 17.3 \u0434\u043e 17.3R3-S8 EX series, Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R2-S11 EX series, Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R3-S2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.1 \u0434\u043e 18.1R3-S10 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.2 \u0434\u043e 18.2R3-S5 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R2-S4 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R3-S2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R2-S5 EX series, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R3-S3 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.1 \u0434\u043e 19.1R2-S2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.1 \u0434\u043e 19.1R3-S2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R1-S5 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2-S1 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R3 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R2-S4 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R1-S3 EX series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2-S1 EX series, Juniper Networks Inc. JunOS \u043e\u0442 20.1 \u0434\u043e 20.1R1-S2 EX series, Juniper Networks Inc. JunOS \u043e\u0442 15.1 \u0434\u043e 15.1R7-S7 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 16.1 \u0434\u043e 16.1R7-S8 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 17.2 \u0434\u043e 17.2R3-S4 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 17.3 \u0434\u043e 17.3R3-S8 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R3-S2 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.1 \u0434\u043e 18.1R3-S10 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R3-S2 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R3-S3 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.1 \u0434\u043e 19.1R2-S2 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2-S1 QFX5K, Juniper Networks Inc. JunOS \u043e\u0442 20.1 \u0434\u043e 20.1R1-S2 QFX5K",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0444\u0438\u043b\u044f Storm Control \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Junos \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0435\u0440\u0438\u0439 EX \u0438 QFX5K, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u043b\u043d\u043e\u0435 \u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-794)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0444\u0438\u043b\u044f Storm Control \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Junos \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0435\u0440\u0438\u0439 EX \u0438 QFX5K \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11093\u0026cat=SIRT_1\u0026actp=LIST\nhttps://kb.juniper.net/JSA11093",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-794",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

CVE-2021-0203 (GCVE-0-2021-0203)

Vulnerability from cvelistv5 – Published: 2021-01-15 17:35 – Updated: 2024-09-17 01:01

Title

Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured

Summary

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11093

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 15.1 , < 15.1R7-S7 (custom) Affected: 16.1 , < 16.1R7-S8 (custom) Affected: 17.2 , < 17.2R3-S4 (custom) Affected: 17.3 , < 17.3R3-S8 (custom) Affected: 17.4 , < 17.4R2-S11, 17.4R3-S2 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R3-S5 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S3 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S2 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R2-S1, 19.2R3 (custom) Affected: 19.3 , < 19.3R2-S4, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S3, 19.4R2-S1, 19.4R3 (custom) Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom)

Date Public ?

2021-01-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX Series, QFX5K Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S7",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S8",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R3-S4",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S8",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S11, 17.4R3-S2",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S10",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S5",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R2-S4, 18.3R3-S2",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R2-S5, 18.4R3-S3",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R2-S2, 19.1R3-S2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S5, 19.2R2-S1, 19.2R3",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S4, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S3, 19.4R2-S1, 19.4R3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R1-S2, 20.1R2",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue affects device with RTG configured:\n  [switch-options redundant-trunk-group]\n\nin combination with the Storm Control configuration:\n\nFor Enhanced Layer 2 Software (ELS) release;\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n  [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n  [ethernet-switching-options storm-control interface all]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html)"
        }
      ],
      "datePublic": "2021-01-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-794",
              "description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-15T17:35:52.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11093"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S7, 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1  and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11093",
        "defect": [
          "1491669"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
          "ID": "CVE-2021-0203",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S7"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S8"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R3-S4"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S8"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S11, 17.4R3-S2"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S10"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S5"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R2-S4, 18.3R3-S2"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2-S5, 18.4R3-S3"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R2-S2, 19.1R3-S2"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S4, 19.3R3"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3"
                          },
                          {
                            "platform": "EX Series, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R1-S2, 20.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue affects device with RTG configured:\n  [switch-options redundant-trunk-group]\n\nin combination with the Storm Control configuration:\n\nFor Enhanced Layer 2 Software (ELS) release;\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n  [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n  [ethernet-switching-options storm-control interface all]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11093",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11093"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S7, 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1  and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11093",
          "defect": [
            "1491669"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0203",
    "datePublished": "2021-01-15T17:35:52.190Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:01:23.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-00993

CVE-2021-0203 (GCVE-0-2021-0203)

Tags

Sightings

Nomenclature