Vulnerability-Lookup

BDU:2021-03087

Vulnerability from fstec - Published: 14.04.2021

Title

Уязвимость конфигурации модульных концентраторов портов Juniper Networks MPC (Modular Port Concentrator) операционных систем Junos OS маршрутизаторов серий MX и EX9200, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость конфигурации модульных концентраторов портов Juniper Networks MPC (Modular Port Concentrator) операционных систем Junos OS маршрутизаторов серий MX и EX9200 связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

от 19.2 до 19.2R2 (JunOS), от 19.3 до 19.3R3 (JunOS), от 17.3 до 17.3R3-S8 (JunOS), от 18.3 до 18.3R3-S2 (JunOS), от 19.4 до 19.4R2 (JunOS), от 17.4 до 17.4R3-S2 (JunOS), от 18.2 до 18.2R3-S4 (JunOS), от 17.3 до 17.3R3-S10 (JunOS), от 17.4 до 17.4R3-S3 (JunOS), от 18.3 до 18.3R3-S4 (JunOS), от 18.4 до 18.4R3-S6 (JunOS), от 19.3 до 19.3R3-S1 (JunOS), от 19.4 до 19.4R3 (JunOS), от 20.2 до 20.2R2 (JunOS), от 20.3 до 20.3R1-S1 (JunOS), от 18.2 до 18.2R3-S7 (JunOS), от 19.2 до 19.2R3-S2 (JunOS), от 19.4 до 19.4R2-S2 (JunOS), от 20.2 до 20.2R1-S3 (JunOS), от 18.4 до 18.4R3-S1 (JunOS)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11148

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11148 https://nvd.nist.gov/vuln/detail/CVE-2021-0257

CWE

CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 19.2 \u0434\u043e 19.2R2 (JunOS), \u043e\u0442 19.3 \u0434\u043e 19.3R3 (JunOS), \u043e\u0442 17.3 \u0434\u043e 17.3R3-S8 (JunOS), \u043e\u0442 18.3 \u0434\u043e 18.3R3-S2 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R2 (JunOS), \u043e\u0442 17.4 \u0434\u043e 17.4R3-S2 (JunOS), \u043e\u0442 18.2 \u0434\u043e 18.2R3-S4 (JunOS), \u043e\u0442 17.3 \u0434\u043e 17.3R3-S10 (JunOS), \u043e\u0442 17.4 \u0434\u043e 17.4R3-S3 (JunOS), \u043e\u0442 18.3 \u0434\u043e 18.3R3-S4 (JunOS), \u043e\u0442 18.4 \u0434\u043e 18.4R3-S6 (JunOS), \u043e\u0442 19.3 \u0434\u043e 19.3R3-S1 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R3 (JunOS), \u043e\u0442 20.2 \u0434\u043e 20.2R2 (JunOS), \u043e\u0442 20.3 \u0434\u043e 20.3R1-S1 (JunOS), \u043e\u0442 18.2 \u0434\u043e 18.2R3-S7 (JunOS), \u043e\u0442 19.2 \u0434\u043e 19.2R3-S2 (JunOS), \u043e\u0442 19.4 \u0434\u043e 19.4R2-S2 (JunOS), \u043e\u0442 20.2 \u0434\u043e 20.2R1-S3 (JunOS), \u043e\u0442 18.4 \u0434\u043e 18.4R3-S1 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11148",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.04.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.06.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03087",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-0257",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2 , Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 , Juniper Networks Inc. JunOS \u043e\u0442 17.3 \u0434\u043e 17.3R3-S8 , Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R3-S2 , Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2 , Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R3-S2 , Juniper Networks Inc. JunOS \u043e\u0442 18.2 \u0434\u043e 18.2R3-S4 , Juniper Networks Inc. JunOS \u043e\u0442 17.3 \u0434\u043e 17.3R3-S10 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R3-S3 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R3-S4 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R3-S6 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3-S1 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R3 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 20.2 \u0434\u043e 20.2R2 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 20.3 \u0434\u043e 20.3R1-S1 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 17.3 \u0434\u043e 17.3R3-S10 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 17.4 \u0434\u043e 17.4R3-S3 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 18.2 \u0434\u043e 18.2R3-S7 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 18.2 \u0434\u043e 18.2R3-S7 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 18.3 \u0434\u043e 18.3R3-S4 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R3-S6 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R3-S2 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R3-S2 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3-S1 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2-S2 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2-S2 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R3 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 20.2 \u0434\u043e 20.2R1-S3 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 20.2 \u0434\u043e 20.2R1-S3 Juniper MX Series, Juniper Networks Inc. JunOS \u043e\u0442 20.2 \u0434\u043e 20.2R2 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 20.3 \u0434\u043e 20.3R1-S1 EX9200 Series, Juniper Networks Inc. JunOS \u043e\u0442 18.4 \u0434\u043e 18.4R3-S1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043f\u043e\u0440\u0442\u043e\u0432 Juniper Networks MPC (Modular Port Concentrator) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Junos OS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0435\u0440\u0438\u0439 MX \u0438 EX9200, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043f\u043e\u0440\u0442\u043e\u0432 Juniper Networks MPC (Modular Port Concentrator) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Junos OS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0435\u0440\u0438\u0439 MX \u0438 EX9200 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11148\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-0257",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2021-0257 (GCVE-0-2021-0257)

Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 01:20

Title

Junos OS: MX Series, EX9200 Series: Trio-based MPCs memory leak in VPLS with integrated routing and bridging (IRB) interface

Summary

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11148

x_refsource_MISC

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 17.3 , < 17.3R3-S10 (custom)
Affected: 17.4 , < 17.4R3-S3 (custom)
Affected: 18.2 , < 18.2R3-S7 (custom)
Affected: 18.3 , < 18.3R3-S4 (custom)
Affected: 18.4 , < 18.4R3-S6 (custom)
Affected: 19.2 , < 19.2R3-S2 (custom)
Affected: 19.3 , < 19.3R3-S1 (custom)
Affected: 19.4 , < 19.4R2-S2, 19.4R3 (custom)
Affected: 20.2 , < 20.2R1-S3, 20.2R2 (custom)
Affected: 20.3 , < 20.3R1-S1,, 20.3R2 (custom)

Juniper Networks

Junos OS

Unaffected: 18.1
Unaffected: 19.1
Unaffected: 17.3 , < 17.3R3-S8 (custom)
Unaffected: 17.4 , < 17.4R3-S2 (custom)
Unaffected: 18.2 , < 18.2R3-S4 (custom)
Unaffected: 18.3 , < 18.3R3-S2 (custom)
Unaffected: 18.4 , < 18.4R3-S1 (custom)
Unaffected: 19.2 , < 19.2R2 (custom)
Unaffected: 19.3 , < 19.3R3 (custom)
Unaffected: 19.4 , < 19.4R2 (custom)

Date Public ?

2021-04-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11148"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "MX Series, EX9200 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "17.3R3-S10",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R3-S3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S7",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S4",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R3-S6",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S1",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S2, 19.4R3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R1-S3, 20.2R2",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R1-S1,, 20.3R2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "18.1"
            },
            {
              "status": "unaffected",
              "version": "19.1"
            },
            {
              "lessThan": "17.3R3-S8",
              "status": "unaffected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R3-S2",
              "status": "unaffected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S4",
              "status": "unaffected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S2",
              "status": "unaffected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R3-S1",
              "status": "unaffected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R2",
              "status": "unaffected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3",
              "status": "unaffected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2",
              "status": "unaffected",
              "version": "19.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "A sample configuration of an IRB interface configured for VPLS is shown below:\n\n  routing-instances {\n      instance1 {\n        instance-type vpls;\n        routing-interface irb.1234;\n    }"
        }
      ],
      "datePublic": "2021-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device\u003e show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of \u201c% NH mem Free\u201d will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:17.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11148"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S10, 17.4R3-S3, 18.2R3-S7, 18.3R3-S4, 18.4R3-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11148",
        "defect": [
          "1528641"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: MX Series, EX9200 Series: Trio-based MPCs memory leak in VPLS with integrated routing and bridging (IRB) interface",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0257",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: MX Series, EX9200 Series: Trio-based MPCs memory leak in VPLS with integrated routing and bridging (IRB) interface"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S10"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R3-S3"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S7"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S4"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S6"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R3-S2"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S1"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S2, 19.4R3"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R1-S3, 20.2R2"
                          },
                          {
                            "platform": "MX Series, EX9200 Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R1-S1,, 20.3R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S8"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R3-S2"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "18.1"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S4"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S1"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "19.1",
                            "version_value": "19.1"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "A sample configuration of an IRB interface configured for VPLS is shown below:\n\n  routing-instances {\n      instance1 {\n        instance-type vpls;\n        routing-interface irb.1234;\n    }"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device\u003e show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of \u201c% NH mem Free\u201d will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11148",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11148"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S10, 17.4R3-S3, 18.2R3-S7, 18.3R3-S4, 18.4R3-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11148",
          "defect": [
            "1528641"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0257",
    "datePublished": "2021-04-22T19:37:17.394Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:20:53.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-03087

CVE-2021-0257 (GCVE-0-2021-0257)

Tags

Sightings

Nomenclature