Lucene search

K
cve[email protected]CVE-2021-0282
HistoryJul 15, 2021 - 8:15 p.m.

CVE-2021-0282

2021-07-1520:15:09
CWE-754
web.nvd.nist.gov
38
5
cve-2021-0282
juniper networks
junos os
bgp
update
rpd
dos
denial of service
multipath
add-path
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

42.5%

On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3;

Affected configurations

NVD
Node
juniperjunosMatch12.3-
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r10
OR
juniperjunosMatch12.3r10-s1
OR
juniperjunosMatch12.3r10-s2
OR
juniperjunosMatch12.3r11
OR
juniperjunosMatch12.3r12
OR
juniperjunosMatch12.3r12-s1
OR
juniperjunosMatch12.3r12-s10
OR
juniperjunosMatch12.3r12-s11
OR
juniperjunosMatch12.3r12-s12
OR
juniperjunosMatch12.3r12-s13
OR
juniperjunosMatch12.3r12-s14
OR
juniperjunosMatch12.3r12-s15
OR
juniperjunosMatch12.3r12-s16
OR
juniperjunosMatch12.3r12-s17
OR
juniperjunosMatch12.3r12-s3
OR
juniperjunosMatch12.3r12-s4
OR
juniperjunosMatch12.3r12-s6
OR
juniperjunosMatch12.3r12-s8
OR
juniperjunosMatch12.3r13
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
OR
juniperjunosMatch15.1-
OR
juniperjunosMatch15.1a1
OR
juniperjunosMatch15.1f
OR
juniperjunosMatch15.1f1
OR
juniperjunosMatch15.1f2
OR
juniperjunosMatch15.1f2-s1
OR
juniperjunosMatch15.1f2-s2
OR
juniperjunosMatch15.1f2-s3
OR
juniperjunosMatch15.1f2-s4
OR
juniperjunosMatch15.1f3
OR
juniperjunosMatch15.1f4
OR
juniperjunosMatch15.1f5
OR
juniperjunosMatch15.1f5-s7
OR
juniperjunosMatch15.1f6
OR
juniperjunosMatch15.1f6-s1
OR
juniperjunosMatch15.1f6-s10
OR
juniperjunosMatch15.1f6-s12
OR
juniperjunosMatch15.1f6-s2
OR
juniperjunosMatch15.1f6-s3
OR
juniperjunosMatch15.1f6-s4
OR
juniperjunosMatch15.1f6-s5
OR
juniperjunosMatch15.1f6-s6
OR
juniperjunosMatch15.1f6-s7
OR
juniperjunosMatch15.1f6-s8
OR
juniperjunosMatch15.1f6-s9
OR
juniperjunosMatch15.1f7
OR
juniperjunosMatch15.1r
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1r3
OR
juniperjunosMatch15.1r4
OR
juniperjunosMatch15.1r4-s7
OR
juniperjunosMatch15.1r4-s8
OR
juniperjunosMatch15.1r4-s9
OR
juniperjunosMatch15.1r5
OR
juniperjunosMatch15.1r5-s1
OR
juniperjunosMatch15.1r5-s3
OR
juniperjunosMatch15.1r5-s5
OR
juniperjunosMatch15.1r5-s6
OR
juniperjunosMatch15.1r6
OR
juniperjunosMatch15.1r6-s1
OR
juniperjunosMatch15.1r6-s2
OR
juniperjunosMatch15.1r6-s3
OR
juniperjunosMatch15.1r6-s4
OR
juniperjunosMatch15.1r6-s6
OR
juniperjunosMatch15.1r7
OR
juniperjunosMatch15.1r7-s1
OR
juniperjunosMatch15.1r7-s2
OR
juniperjunosMatch15.1r7-s3
OR
juniperjunosMatch15.1r7-s4
OR
juniperjunosMatch15.1r7-s5
OR
juniperjunosMatch15.1r7-s6
OR
juniperjunosMatch15.1r7-s7
OR
juniperjunosMatch15.1r7-s8
OR
juniperjunosMatch17.3-
OR
juniperjunosMatch17.3r1
OR
juniperjunosMatch17.3r1-s1
OR
juniperjunosMatch17.3r1-s4
OR
juniperjunosMatch17.3r2
OR
juniperjunosMatch17.3r2-s1
OR
juniperjunosMatch17.3r2-s2
OR
juniperjunosMatch17.3r2-s3
OR
juniperjunosMatch17.3r2-s4
OR
juniperjunosMatch17.3r2-s5
OR
juniperjunosMatch17.3r3
OR
juniperjunosMatch17.3r3-
OR
juniperjunosMatch17.3r3-s1
OR
juniperjunosMatch17.3r3-s10
OR
juniperjunosMatch17.3r3-s2
OR
juniperjunosMatch17.3r3-s3
OR
juniperjunosMatch17.3r3-s4
OR
juniperjunosMatch17.3r3-s5
OR
juniperjunosMatch17.3r3-s6
OR
juniperjunosMatch17.3r3-s7
OR
juniperjunosMatch17.3r3-s8
OR
juniperjunosMatch17.3r3-s9
OR
juniperjunosMatch17.4r2-s2
OR
juniperjunosMatch17.4r2-s3
OR
juniperjunosMatch17.4r2-s4
OR
juniperjunosMatch17.4r2-s5
OR
juniperjunosMatch17.4r2-s6
OR
juniperjunosMatch17.4r2-s7
OR
juniperjunosMatch17.4r2-s8
OR
juniperjunosMatch17.4r2-s9
OR
juniperjunosMatch17.4r3
OR
juniperjunosMatch17.4r3-s1
OR
juniperjunosMatch17.4r3-s2
OR
juniperjunosMatch17.4r3-s3
OR
juniperjunosMatch18.1-
OR
juniperjunosMatch18.1r1
OR
juniperjunosMatch18.1r2
OR
juniperjunosMatch18.1r2-s1
OR
juniperjunosMatch18.1r2-s2
OR
juniperjunosMatch18.1r2-s4
OR
juniperjunosMatch18.1r3
OR
juniperjunosMatch18.1r3-s1
OR
juniperjunosMatch18.1r3-s10
OR
juniperjunosMatch18.1r3-s11
OR
juniperjunosMatch18.1r3-s2
OR
juniperjunosMatch18.1r3-s3
OR
juniperjunosMatch18.1r3-s4
OR
juniperjunosMatch18.1r3-s5
OR
juniperjunosMatch18.1r3-s6
OR
juniperjunosMatch18.1r3-s7
OR
juniperjunosMatch18.1r3-s8
OR
juniperjunosMatch18.1r3-s9
OR
juniperjunosMatch18.2-
OR
juniperjunosMatch18.2r1-
OR
juniperjunosMatch18.2r1-s2
OR
juniperjunosMatch18.2r1-s3
OR
juniperjunosMatch18.2r1-s4
OR
juniperjunosMatch18.2r1-s5
OR
juniperjunosMatch18.2r2
OR
juniperjunosMatch18.2r2-s1
OR
juniperjunosMatch18.2r2-s2
OR
juniperjunosMatch18.2r2-s3
OR
juniperjunosMatch18.2r2-s4
OR
juniperjunosMatch18.2r2-s5
OR
juniperjunosMatch18.2r2-s6
OR
juniperjunosMatch18.2r3
OR
juniperjunosMatch18.2r3-s1
OR
juniperjunosMatch18.2r3-s2
OR
juniperjunosMatch18.2r3-s3
OR
juniperjunosMatch18.2r3-s4
OR
juniperjunosMatch18.2r3-s5
OR
juniperjunosMatch18.2r3-s6
OR
juniperjunosMatch18.3-
OR
juniperjunosMatch18.3r1
OR
juniperjunosMatch18.3r1-s1
OR
juniperjunosMatch18.3r1-s2
OR
juniperjunosMatch18.3r1-s3
OR
juniperjunosMatch18.3r1-s4
OR
juniperjunosMatch18.3r1-s5
OR
juniperjunosMatch18.3r1-s6
OR
juniperjunosMatch18.3r2
OR
juniperjunosMatch18.3r2-s1
OR
juniperjunosMatch18.3r2-s2
OR
juniperjunosMatch18.3r2-s3
OR
juniperjunosMatch18.3r2-s4
OR
juniperjunosMatch18.3r3
OR
juniperjunosMatch18.3r3-s1
OR
juniperjunosMatch18.3r3-s2
OR
juniperjunosMatch18.3r3-s3
OR
juniperjunosMatch18.4-
OR
juniperjunosMatch18.4r1
OR
juniperjunosMatch18.4r1-s1
OR
juniperjunosMatch18.4r1-s2
OR
juniperjunosMatch18.4r1-s3
OR
juniperjunosMatch18.4r1-s4
OR
juniperjunosMatch18.4r1-s5
OR
juniperjunosMatch18.4r1-s6
OR
juniperjunosMatch18.4r1-s7
OR
juniperjunosMatch18.4r2
OR
juniperjunosMatch18.4r2-s1
OR
juniperjunosMatch18.4r2-s2
OR
juniperjunosMatch18.4r2-s3
OR
juniperjunosMatch18.4r2-s4
OR
juniperjunosMatch18.4r2-s5
OR
juniperjunosMatch18.4r3
OR
juniperjunosMatch18.4r3-s1
OR
juniperjunosMatch18.4r3-s2
OR
juniperjunosMatch18.4r3-s3
OR
juniperjunosMatch18.4r3-s4
OR
juniperjunosMatch18.4r3-s5
OR
juniperjunosMatch19.1-
OR
juniperjunosMatch19.1r1
OR
juniperjunosMatch19.1r1-s1
OR
juniperjunosMatch19.1r1-s2
OR
juniperjunosMatch19.1r1-s3
OR
juniperjunosMatch19.1r1-s4
OR
juniperjunosMatch19.1r1-s5
OR
juniperjunosMatch19.1r1-s6
OR
juniperjunosMatch19.1r2
OR
juniperjunosMatch19.1r2-s1
OR
juniperjunosMatch19.1r2-s2
OR
juniperjunosMatch19.1r3
OR
juniperjunosMatch19.1r3-s1
OR
juniperjunosMatch19.1r3-s2

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.3R12-S18",
        "status": "affected",
        "version": "12.3",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1R7-S9",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S11",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S13, 17.4R3-S4",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S12",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R3-S7",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R3-S4",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R2-S6, 18.4R3-S6",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R3-S3",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

42.5%

Related for CVE-2021-0282