github - ghsa-3pxh-pm6h-2cp2

GHSA-3PXH-PM6H-2CP2

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48

Details

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-0261"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",
  "id": "GHSA-3pxh-pm6h-2cp2",
  "modified": "2022-05-24T17:48:14Z",
  "published": "2022-05-24T17:48:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0261"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-0261 (GCVE-0-2021-0261)

Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-16 19:57

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read
Denial of Service (DoS)
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11152

x_refsource_MISC

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 12.3 , < 12.3R12-S17 (custom)

	Juniper Networks	Junos OS	Affected: 12.3X48 , < 12.3X48-D105 (custom) Affected: 15.1X49 , < 15.1X49-D230 (custom)
	Juniper Networks	Junos OS	Affected: 15.1 , < 15.1R7-S8 (custom) Affected: 16.1 , < 16.1R7-S8 (custom) Affected: 17.4 , < 17.4R2-S12, 17.4R3-S3 (custom) Affected: 18.1 , < 18.1R3-S11 (custom) Affected: 18.2 , < 18.2R3-S6 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S3 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3-S4 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S2 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R3 (custom) Affected: 19.3 , < 19.3R2-S4, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S3, 19.4R2-S2, 19.4R3 (custom) Affected: 20.1 , < 20.1R1-S3, 20.1R2 (custom) Affected: 20.2 , < 20.2R1-S1, 20.2R2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3R12-S17",
              "status": "affected",
              "version": "12.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3X48-D105",
              "status": "affected",
              "version": "12.3X48",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D230",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S8",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S8",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S12, 17.4R3-S3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S11",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S6",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R2-S4, 18.3R3-S3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R2-S5, 18.4R3-S4",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R2-S2, 19.1R3-S2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S5, 19.2R3",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S4, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R1-S3, 20.1R2",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R1-S1, 20.2R2",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n  [system services web-management http]\n  [system services web-management https]\n  [services captive-portal secure-authentication]\n  [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n  [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n  [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
        }
      ],
      "datePublic": "2021-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:20",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11152"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11152",
        "defect": [
          "1513887"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0261",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3",
                            "version_value": "12.3R12-S17"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48-D105"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S8"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D230"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S12, 17.4R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R2-S4, 18.3R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2-S5, 18.4R3-S4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R2-S2, 19.1R3-S2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S5, 19.2R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S4, 19.3R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R1-S3, 20.1R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R1-S1, 20.2R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n  [system services web-management http]\n  [system services web-management https]\n  [services captive-portal secure-authentication]\n  [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n  [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n  [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11152",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11152"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11152",
          "defect": [
            "1513887"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0261",
    "datePublished": "2021-04-22T19:37:20.160991Z",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-09-16T19:57:30.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-3PXH-PM6H-2CP2

CVE-2021-0261 (GCVE-0-2021-0261)

Tags

Sightings

Nomenclature