Lucene search

JuniperCVE-2021-0209

HistoryJan 15, 2021 - 6:15 p.m.

CVE-2021-0209

2021-01-1518:15:15

CWE-824

juniper

web.nvd.nist.gov

juniper networks

junos os

evolved

bgp

denial of service

dos

cve-2021-0209

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Affected configurations

Nvd

Node

juniperjunos_os_evolvedMatch19.4r1

juniperjunos_os_evolvedMatch19.4r2

juniperjunos_os_evolvedMatch19.4r2-s1

juniperjunos_os_evolvedMatch20.1-

juniperjunos_os_evolvedMatch20.1r1

juniperjunos_os_evolvedMatch20.1r1-s1

VendorProductVersionCPE
juniperjunos_os_evolved19.4cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*
juniperjunos_os_evolved19.4cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*
juniperjunos_os_evolved19.4cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*
juniperjunos_os_evolved20.1cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*
juniperjunos_os_evolved20.1cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
juniperjunos_os_evolved20.1cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos_os_evolved	19.4	cpe:2.3:o:juniper:junos_os_evolved:19.4:r1::::::
juniper	junos_os_evolved	19.4	cpe:2.3:o:juniper:junos_os_evolved:19.4:r2::::::
juniper	junos_os_evolved	19.4	cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1::::::
juniper	junos_os_evolved	20.1	cpe:2.3:o:juniper:junos_os_evolved:20.1:-::::::
juniper	junos_os_evolved	20.1	cpe:2.3:o:juniper:junos_os_evolved:20.1:r1::::::
juniper	junos_os_evolved	20.1	cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1::::::

CNA Affected

[
  {
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "19.4R2-S2-EVO",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R1-S2-EVO, 20.1R2-S1-EVO",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11099

Social References

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

Related for CVE-2021-0209