Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-0294
HistoryJul 15, 2021 - 8:15 p.m.

CVE-2021-0294

2021-07-1520:15:11
CWE-474
[email protected]
web.nvd.nist.gov
40
4
cve-2021-0294
juniper networks
junos os
vulnerability
qfx5000
ex4600
security issue
storm control

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.7%

JSON

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if “storm-control enhanced” is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability.

Affected configurations

NVD
Node
juniperex4600Match-
OR
juniperex4650Match-
OR
juniperqfx5100Match-
OR
juniperqfx5110Match-
OR
juniperqfx5120Match-
OR
juniperqfx5200Match-
OR
juniperqfx5210Match-
AND
juniperjunosMatch18.4r2-s5
CPENameOperatorVersion
juniper:junosjuniper junoseq18.4

CNA Affected

[
  {
    "platforms": [
      "QFX5000 Series, EX4600 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "18.4R2-S5"
      }
    ]
  }
]

Social References

More

Related

nessus 1
cvelist 1
nvd 1
prion 1
nessus
nessus
Juniper Junos OS Vulnerability (JSA11196)
2021-11-19 00:00:00
cvelist
cvelist
CVE-2021-0294 Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service
2021-07-14 00:00:00
nvd
nvd
CVE-2021-0294
2021-07-15 20:15:11
prion
prion
Design/Logic Flaw
2021-07-15 20:15:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.7%

JSON
Related for CVE-2021-0294
nessus1cvelist1nvd1prion1