FKIE_CVE-2021-0225

Vulnerability from fkie_nvd - Published: 2021-04-22 20:15 - Updated: 2024-11-21 05:42
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
References
sirt@juniper.nethttps://kb.juniper.net/JSA11120Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA11120Vendor Advisory
Impacted products
Vendor Product Version
juniper junos_os_evolved 19.1
juniper junos_os_evolved 19.1
juniper junos_os_evolved 19.2
juniper junos_os_evolved 19.2
juniper junos_os_evolved 19.3
juniper junos_os_evolved 19.3
juniper junos_os_evolved 20.1
juniper junos_os_evolved 20.1
juniper junos_os_evolved 20.2
juniper junos_os_evolved 20.2
juniper junos_os_evolved 20.3
juniper junos_os_evolved 20.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2C3245C5-9EE1-490C-B7C7-5C02F155DDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "01A9BD92-5865-455D-9585-098DCFCC24DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "6480A5C9-3280-40C5-BC08-509555F28363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2D3C2D74-AF22-4BED-A0C5-089B5507D275",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "EEBE159F-5D94-4C18-B922-331586BEA2CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FCA8D4D2-D49D-4F91-95E2-2A0E8599338A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "FF37C911-1904-475A-86F7-F92F34A1A88F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4AFB91E3-CAAC-429F-A869-DDD40FB0F84D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "0A9CA997-2DDA-4808-B2AE-8804FEB798B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action \u0027policer\u0027 in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device\u003e show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
    },
    {
      "lang": "es",
      "value": "Una Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Juniper Networks Junos OS Evolved, puede causar que la configuraci\u00f3n del filtro de firewall sin estado que usa la acci\u00f3n \"policer\" en determinadas combinaciones con otras opciones no surta efecto.\u0026#xa0;Un administrador puede usar el siguiente comando CLI para visualizar los fallos con la configuraci\u00f3n del filtro: user@device) show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported. Este problema afecta a Juniper Networks Junos OS Evolved: Versiones 19.1R1-EVO y por encima, versiones anteriores a 20.3R1-S2-EVO, 20.3R2-EVO.\u0026#xa0;Este problema no afecta al Juniper Networks Junos OS"
    }
  ],
  "id": "CVE-2021-0225",
  "lastModified": "2024-11-21T05:42:14.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T20:15:08.463",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11120"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.