Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-0297 (GCVE-0-2021-0297)
Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 02:12
VLAI?
EPSS
Summary
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
Severity ?
6.5 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 20.3R2-S1-EVO
(custom)
Affected: 20.4 , < 20.4R2-EVO (custom) Affected: 21.1 , < 21.1R2-EVO (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11211"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11211",
"defect": [
"1569843"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0297",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R2-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11211",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11211"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11211",
"defect": [
"1569843"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0297",
"datePublished": "2021-10-19T18:16:23.693560Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:12:14.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AFB91E3-CAAC-429F-A869-DDD40FB0F84D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A9CA997-2DDA-4808-B2AE-8804FEB798B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"423843B3-B2BE-427B-B625-4E3146D26390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9C8866D-162F-4C9B-8167-2FBA25410368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE674DD3-3590-4434-B144-5AD7EB5F039D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el procesamiento de la autenticaci\\u00f3n TCP MD5 en Juniper Networks Junos OS Evolved puede permitir a una sesi\\u00f3n BGP o LDP configurada con autenticaci\\u00f3n MD5 tener \\u00e9xito, incluso si el peer no tiene habilitada la autenticaci\\u00f3n TCP MD5. Esto podr\\u00eda conllevar a el establecimiento de sesiones no confiables o no autorizadas, lo que tendr\\u00eda un impacto en la confidencialidad o la estabilidad de la red. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.3R2-S1-EVO; versiones 20.4 anteriores a 20.4R2-EVO; versiones 21.1 anteriores a 21.1R2-EVO. Juniper Networks Junos OS no est\\u00e1 afectado por este problema\"}]",
"id": "CVE-2021-0297",
"lastModified": "2024-11-21T05:42:25.963",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-10-19T19:15:08.290",
"references": "[{\"url\": \"https://kb.juniper.net/JSA11211\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA11211\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-0297\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2021-10-19T19:15:08.290\",\"lastModified\":\"2024-11-21T05:42:25.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el procesamiento de la autenticaci\u00f3n TCP MD5 en Juniper Networks Junos OS Evolved puede permitir a una sesi\u00f3n BGP o LDP configurada con autenticaci\u00f3n MD5 tener \u00e9xito, incluso si el peer no tiene habilitada la autenticaci\u00f3n TCP MD5. Esto podr\u00eda conllevar a el establecimiento de sesiones no confiables o no autorizadas, lo que tendr\u00eda un impacto en la confidencialidad o la estabilidad de la red. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.3R2-S1-EVO; versiones 20.4 anteriores a 20.4R2-EVO; versiones 21.1 anteriores a 21.1R2-EVO. Juniper Networks Junos OS no est\u00e1 afectado por este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AFB91E3-CAAC-429F-A869-DDD40FB0F84D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A9CA997-2DDA-4808-B2AE-8804FEB798B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"423843B3-B2BE-427B-B625-4E3146D26390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8866D-162F-4C9B-8167-2FBA25410368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE674DD3-3590-4434-B144-5AD7EB5F039D\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11211\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA11211\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GHSA-7WWM-2JV9-972X
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI?
Details
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2021-0297"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.",
"id": "GHSA-7wwm-2jv9-972x",
"modified": "2022-05-24T19:17:55Z",
"published": "2022-05-24T19:17:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0297"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11211"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2021-0297
Vulnerability from fkie_nvd - Published: 2021-10-19 19:15 - Updated: 2024-11-21 05:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11211 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11211 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | 20.3 | |
| juniper | junos_os_evolved | 20.3 | |
| juniper | junos_os_evolved | 20.3 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 21.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "4AFB91E3-CAAC-429F-A869-DDD40FB0F84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0A9CA997-2DDA-4808-B2AE-8804FEB798B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "423843B3-B2BE-427B-B625-4E3146D26390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento de la autenticaci\u00f3n TCP MD5 en Juniper Networks Junos OS Evolved puede permitir a una sesi\u00f3n BGP o LDP configurada con autenticaci\u00f3n MD5 tener \u00e9xito, incluso si el peer no tiene habilitada la autenticaci\u00f3n TCP MD5. Esto podr\u00eda conllevar a el establecimiento de sesiones no confiables o no autorizadas, lo que tendr\u00eda un impacto en la confidencialidad o la estabilidad de la red. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.3R2-S1-EVO; versiones 20.4 anteriores a 20.4R2-EVO; versiones 21.1 anteriores a 21.1R2-EVO. Juniper Networks Junos OS no est\u00e1 afectado por este problema"
}
],
"id": "CVE-2021-0297",
"lastModified": "2024-11-21T05:42:25.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T19:15:08.290",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11211"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-0297
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-0297",
"description": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.",
"id": "GSD-2021-0297"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-0297"
],
"details": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.",
"id": "GSD-2021-0297",
"modified": "2023-12-13T01:23:07.752406Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0297",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R2-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11211",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11211"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11211",
"defect": [
"1569843"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2021-0297"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11211",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11211"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2021-10-25T15:20Z",
"publishedDate": "2021-10-19T19:15Z"
}
}
}
CERTFR-2021-AVI-789
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks CTPView versions 9.1 antérieures à 9.1R3 | ||
| Juniper Networks | N/A | Juniper Networks SRC Series versions antérieures à 4.13.0-R6 | ||
| Juniper Networks | N/A | Juniper Networks CTPView versions 7.3 antérieures à 7.3R7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.4 antérieures à 19.4R1-S4, 19.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.4 antérieures à 19.4R2-S3, 19.4R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 17.4 antérieures à 17.4R2-S13, 17.4R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.4R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.4 antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.1 antérieures à 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.1 antérieures à 19.1R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 12.3X48 antérieures à 12.3X48-D105 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 17.4 antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.3 antérieures à 20.3R2-S1, 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.2 antérieures à 19.2R1-S7, 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1 antérieures à 15.1R7-S10 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.1 antérieures à 20.1R2-S2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.1 antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.4R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.3 antérieures à 18.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.3 antérieures à 20.3R1-S1, 20.3R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R1-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R1-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.1 antérieures à 18.1R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.1R3-S13 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.2 antérieures à 18.2R2-S8, 18.2R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.4 antérieures à 19.4R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.4 antérieures à 20.4R2-S1, 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.3R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.3 antérieures à 19.3R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.3 antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.2R1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.4 antérieures à 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.2 antérieures à 19.2R1-S6, 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.2 antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1X49 antérieures à 15.1X49-D220 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R2-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R2-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.1 antérieures à 20.1R2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.2 antérieures à 20.2R2, 20.2R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions antérieures à 17.3R3-S11 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.3 antérieures à 19.3R2-S6, 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 18.2R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.2 antérieures à 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 21.1 antérieures à 21.1R1-S1, 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.3 antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R2-S1 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.2-EVO antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO sur PTX10003 et PTX10008 platforms | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1 antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.4 antérieures à 20.4R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.3 antérieures à 20.3R1-S2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1-EVO antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.4R3-S1-EVO |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks CTPView versions 9.1 ant\u00e9rieures \u00e0 9.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.13.0-R6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks CTPView versions 7.3 ant\u00e9rieures \u00e0 7.3R7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R1-S4, 19.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S3, 19.4R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 17.4 ant\u00e9rieures \u00e0 17.4R2-S13, 17.4R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.4R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.4 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D105",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.4 ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R2-S1, 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7, 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2-S2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.4R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S1, 20.3R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R1-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R1-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.1 ant\u00e9rieures \u00e0 18.1R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.1R3-S13",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.2 ant\u00e9rieures \u00e0 18.2R2-S8, 18.2R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S1, 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.3 ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.4 ant\u00e9rieures \u00e0 18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S6, 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D220",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R2-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R2-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R2, 20.2R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S6, 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 18.2R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.2 ant\u00e9rieures \u00e0 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 21.1 ant\u00e9rieures \u00e0 21.1R1-S1, 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R2-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO sur PTX10003 et PTX10008 platforms",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1 ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.4 ant\u00e9rieures \u00e0 20.4R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1-EVO ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0296"
},
{
"name": "CVE-2021-31356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31356"
},
{
"name": "CVE-2021-31363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31363"
},
{
"name": "CVE-2021-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0299"
},
{
"name": "CVE-2021-31360",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31360"
},
{
"name": "CVE-2021-31355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31355"
},
{
"name": "CVE-2021-31353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31353"
},
{
"name": "CVE-2021-31354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31354"
},
{
"name": "CVE-2021-0298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0298"
},
{
"name": "CVE-2021-31361",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31361"
},
{
"name": "CVE-2021-31362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31362"
},
{
"name": "CVE-2021-31359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31359"
},
{
"name": "CVE-2021-31350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31350"
},
{
"name": "CVE-2021-31351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31351"
},
{
"name": "CVE-2021-31357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31357"
},
{
"name": "CVE-2021-31358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31358"
},
{
"name": "CVE-2021-0297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0297"
},
{
"name": "CVE-2021-31352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31352"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-789",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11224 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11224\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11221 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11221\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11218 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11218\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11213 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11213\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11210 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11210\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11212 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11212\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11223 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11223\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11225 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11225\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11219 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11219\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11222 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11222\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11215 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11215\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11220 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11220\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11211 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11211\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11217 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11217\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11216 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11216\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2021-AVI-789
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks CTPView versions 9.1 antérieures à 9.1R3 | ||
| Juniper Networks | N/A | Juniper Networks SRC Series versions antérieures à 4.13.0-R6 | ||
| Juniper Networks | N/A | Juniper Networks CTPView versions 7.3 antérieures à 7.3R7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.4 antérieures à 19.4R1-S4, 19.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.4 antérieures à 19.4R2-S3, 19.4R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 17.4 antérieures à 17.4R2-S13, 17.4R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.4R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.4 antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.1 antérieures à 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.1 antérieures à 19.1R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 12.3X48 antérieures à 12.3X48-D105 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 17.4 antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.3 antérieures à 20.3R2-S1, 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.2 antérieures à 19.2R1-S7, 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1 antérieures à 15.1R7-S10 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.1 antérieures à 20.1R2-S2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.1 antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.4R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.3 antérieures à 18.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.3 antérieures à 20.3R1-S1, 20.3R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R1-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R1-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.1 antérieures à 18.1R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.1R3-S13 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.2 antérieures à 18.2R2-S8, 18.2R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.4 antérieures à 19.4R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.4 antérieures à 20.4R2-S1, 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.3R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.3 antérieures à 19.3R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.3 antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.2R1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.4 antérieures à 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.2 antérieures à 19.2R1-S6, 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.2 antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1X49 antérieures à 15.1X49-D220 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R2-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R2-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.1 antérieures à 20.1R2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.2 antérieures à 20.2R2, 20.2R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions antérieures à 17.3R3-S11 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.3 antérieures à 19.3R2-S6, 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 18.2R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.2 antérieures à 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 21.1 antérieures à 21.1R1-S1, 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.3 antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R2-S1 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.2-EVO antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO sur PTX10003 et PTX10008 platforms | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1 antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.4 antérieures à 20.4R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.3 antérieures à 20.3R1-S2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1-EVO antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.4R3-S1-EVO |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks CTPView versions 9.1 ant\u00e9rieures \u00e0 9.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.13.0-R6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks CTPView versions 7.3 ant\u00e9rieures \u00e0 7.3R7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R1-S4, 19.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S3, 19.4R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 17.4 ant\u00e9rieures \u00e0 17.4R2-S13, 17.4R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.4R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.4 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D105",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.4 ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R2-S1, 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7, 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2-S2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.4R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S1, 20.3R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R1-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R1-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.1 ant\u00e9rieures \u00e0 18.1R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.1R3-S13",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.2 ant\u00e9rieures \u00e0 18.2R2-S8, 18.2R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S1, 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.3 ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.4 ant\u00e9rieures \u00e0 18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S6, 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D220",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R2-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R2-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R2, 20.2R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S6, 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 18.2R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.2 ant\u00e9rieures \u00e0 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 21.1 ant\u00e9rieures \u00e0 21.1R1-S1, 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R2-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO sur PTX10003 et PTX10008 platforms",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1 ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.4 ant\u00e9rieures \u00e0 20.4R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1-EVO ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0296"
},
{
"name": "CVE-2021-31356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31356"
},
{
"name": "CVE-2021-31363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31363"
},
{
"name": "CVE-2021-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0299"
},
{
"name": "CVE-2021-31360",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31360"
},
{
"name": "CVE-2021-31355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31355"
},
{
"name": "CVE-2021-31353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31353"
},
{
"name": "CVE-2021-31354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31354"
},
{
"name": "CVE-2021-0298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0298"
},
{
"name": "CVE-2021-31361",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31361"
},
{
"name": "CVE-2021-31362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31362"
},
{
"name": "CVE-2021-31359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31359"
},
{
"name": "CVE-2021-31350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31350"
},
{
"name": "CVE-2021-31351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31351"
},
{
"name": "CVE-2021-31357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31357"
},
{
"name": "CVE-2021-31358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31358"
},
{
"name": "CVE-2021-0297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0297"
},
{
"name": "CVE-2021-31352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31352"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-789",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11224 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11224\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11221 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11221\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11218 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11218\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11213 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11213\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11210 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11210\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11212 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11212\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11223 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11223\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11225 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11225\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11219 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11219\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11222 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11222\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11215 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11215\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11220 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11220\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11211 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11211\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11217 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11217\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11216 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11216\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
VAR-202110-0401
Vulnerability from variot - Updated: 2023-12-18 12:34A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue. The operating system provides a secure programming interface and Junos SDK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0401",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos os evolved",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "20.3"
},
{
"model": "junos os evolved",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "21.1"
},
{
"model": "junos os evolved",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "20.4"
},
{
"model": "junos os evolved",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b8\u30e5\u30cb\u30d1\u30fc\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-0297"
}
]
},
"cve": "CVE-2021-0297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-0297",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-372199",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-013944",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-0297",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2021-0297",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-991",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-372199",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-0297",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue. The operating system provides a secure programming interface and Junos SDK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "VULMON",
"id": "CVE-2021-0297"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-0297",
"trust": 3.4
},
{
"db": "JUNIPER",
"id": "JSA11211",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-991",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021101805",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3421",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-372199",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-0297",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"id": "VAR-202110-0401",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-372199"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:34:51.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA11211",
"trust": 0.8,
"url": "https://supportportal.juniper.net/s/article/2021-10-security-bulletin-junos-os-evolved-bgp-and-ldp-sessions-with-tcp-md5-authentication-established-with-peers-not-configured-for-authentication-cve-2021-0297?language=en_us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.juniper.net/jsa11211"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0297"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101805"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3421"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-372199"
},
{
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-372199"
},
{
"date": "2021-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"date": "2022-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"date": "2021-10-19T19:15:08.290000",
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"date": "2021-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-372199"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-0297"
},
{
"date": "2022-09-30T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-013944"
},
{
"date": "2021-10-25T15:20:01.207000",
"db": "NVD",
"id": "CVE-2021-0297"
},
{
"date": "2021-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper\u00a0Networks\u00a0Junos\u00a0OS\u00a0Evolved\u00a0 Vulnerability in handling exceptional conditions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013944"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-991"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…