Lucene search
JuniperCVE-2021-0261HistoryApr 22, 2021 - 8:15 p.m.
CVE-2021-0261
2021-04-2220:15:09
CWE-770
CWE-125
juniper
web.nvd.nist.gov
25
vulnerability
cve-2021-0261
http
https
j-web
web authentication
dynamic-vpn
dvpn
firewall authentication
denial of service
dos
juniper networks
junos os
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
44.5%
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Affected configurations
Node
juniperjunosMatch12.3-
ORjuniperjunosMatch12.3r1
ORjuniperjunosMatch12.3r10
ORjuniperjunosMatch12.3r10-s1
ORjuniperjunosMatch12.3r10-s2
ORjuniperjunosMatch12.3r11
ORjuniperjunosMatch12.3r12
ORjuniperjunosMatch12.3r12-s1
ORjuniperjunosMatch12.3r12-s10
ORjuniperjunosMatch12.3r12-s11
ORjuniperjunosMatch12.3r12-s12
ORjuniperjunosMatch12.3r12-s13
ORjuniperjunosMatch12.3r12-s14
ORjuniperjunosMatch12.3r12-s15
ORjuniperjunosMatch12.3r12-s16
ORjuniperjunosMatch12.3r12-s3
ORjuniperjunosMatch12.3r12-s4
ORjuniperjunosMatch12.3r12-s6
ORjuniperjunosMatch12.3r12-s8
juniperex2300Match-
ORjuniperex2300-cMatch-
ORjuniperex3400Match-
ORjuniperex4300Match-
ORjuniperex4400Match-
ORjuniperex4600Match-
ORjuniperex4650Match-
ORjuniperex9200Match-
ORjuniperex9250Match-
Node
juniperjunosMatch12.3x48-
ORjuniperjunosMatch12.3x48d10
ORjuniperjunosMatch12.3x48d100
ORjuniperjunosMatch12.3x48d15
ORjuniperjunosMatch12.3x48d20
ORjuniperjunosMatch12.3x48d25
ORjuniperjunosMatch12.3x48d30
ORjuniperjunosMatch12.3x48d35
ORjuniperjunosMatch12.3x48d40
ORjuniperjunosMatch12.3x48d45
ORjuniperjunosMatch12.3x48d50
ORjuniperjunosMatch12.3x48d51
ORjuniperjunosMatch12.3x48d55
ORjuniperjunosMatch12.3x48d60
ORjuniperjunosMatch12.3x48d65
ORjuniperjunosMatch12.3x48d66
ORjuniperjunosMatch12.3x48d70
ORjuniperjunosMatch12.3x48d75
ORjuniperjunosMatch12.3x48d80
ORjuniperjunosMatch12.3x48d85
ORjuniperjunosMatch12.3x48d90
ORjuniperjunosMatch12.3x48d95
ORjuniperjunosMatch15.1x49-
ORjuniperjunosMatch15.1x49d10
ORjuniperjunosMatch15.1x49d100
ORjuniperjunosMatch15.1x49d110
ORjuniperjunosMatch15.1x49d120
ORjuniperjunosMatch15.1x49d130
ORjuniperjunosMatch15.1x49d131
ORjuniperjunosMatch15.1x49d140
ORjuniperjunosMatch15.1x49d15
ORjuniperjunosMatch15.1x49d150
ORjuniperjunosMatch15.1x49d160
ORjuniperjunosMatch15.1x49d170
ORjuniperjunosMatch15.1x49d180
ORjuniperjunosMatch15.1x49d190
ORjuniperjunosMatch15.1x49d20
ORjuniperjunosMatch15.1x49d200
ORjuniperjunosMatch15.1x49d210
ORjuniperjunosMatch15.1x49d25
ORjuniperjunosMatch15.1x49d30
ORjuniperjunosMatch15.1x49d35
ORjuniperjunosMatch15.1x49d40
ORjuniperjunosMatch15.1x49d45
ORjuniperjunosMatch15.1x49d50
ORjuniperjunosMatch15.1x49d55
ORjuniperjunosMatch15.1x49d60
ORjuniperjunosMatch15.1x49d65
ORjuniperjunosMatch15.1x49d70
ORjuniperjunosMatch15.1x49d75
ORjuniperjunosMatch15.1x49d80
ORjuniperjunosMatch15.1x49d90
junipersrx1500Match-
ORjunipersrx300Match-
ORjunipersrx320Match-
ORjunipersrx340Match-
ORjunipersrx345Match-
ORjunipersrx380Match-
ORjunipersrx4100Match-
ORjunipersrx4200Match-
ORjunipersrx4600Match-
ORjunipersrx5400Match-
ORjunipersrx550Match-
ORjunipersrx5600Match-
ORjunipersrx5800Match-
Node
juniperjunosMatch15.1-
ORjuniperjunosMatch15.1a1
ORjuniperjunosMatch15.1f
ORjuniperjunosMatch15.1f1
ORjuniperjunosMatch15.1f2
ORjuniperjunosMatch15.1f2-s1
ORjuniperjunosMatch15.1f2-s2
ORjuniperjunosMatch15.1f2-s3
ORjuniperjunosMatch15.1f2-s4
ORjuniperjunosMatch15.1f3
ORjuniperjunosMatch15.1f4
ORjuniperjunosMatch15.1f5
ORjuniperjunosMatch15.1f5-s7
ORjuniperjunosMatch15.1f6
ORjuniperjunosMatch15.1f6-s1
ORjuniperjunosMatch15.1f6-s10
ORjuniperjunosMatch15.1f6-s12
ORjuniperjunosMatch15.1f6-s2
ORjuniperjunosMatch15.1f6-s3
ORjuniperjunosMatch15.1f6-s4
ORjuniperjunosMatch15.1f6-s5
ORjuniperjunosMatch15.1f6-s6
ORjuniperjunosMatch15.1f6-s7
ORjuniperjunosMatch15.1f6-s8
ORjuniperjunosMatch15.1f6-s9
ORjuniperjunosMatch15.1f7
ORjuniperjunosMatch15.1r
ORjuniperjunosMatch15.1r1
ORjuniperjunosMatch15.1r2
ORjuniperjunosMatch15.1r3
ORjuniperjunosMatch15.1r4
ORjuniperjunosMatch15.1r4-s7
ORjuniperjunosMatch15.1r4-s8
ORjuniperjunosMatch15.1r4-s9
ORjuniperjunosMatch15.1r5
ORjuniperjunosMatch15.1r5-s1
ORjuniperjunosMatch15.1r5-s3
ORjuniperjunosMatch15.1r5-s5
ORjuniperjunosMatch15.1r5-s6
ORjuniperjunosMatch15.1r6
ORjuniperjunosMatch15.1r6-s1
ORjuniperjunosMatch15.1r6-s2
ORjuniperjunosMatch15.1r6-s3
ORjuniperjunosMatch15.1r6-s4
ORjuniperjunosMatch15.1r6-s6
ORjuniperjunosMatch15.1r7
ORjuniperjunosMatch15.1r7-s1
ORjuniperjunosMatch15.1r7-s2
ORjuniperjunosMatch15.1r7-s3
ORjuniperjunosMatch15.1r7-s4
ORjuniperjunosMatch15.1r7-s5
ORjuniperjunosMatch15.1r7-s6
ORjuniperjunosMatch15.1r7-s7
ORjuniperjunosMatch16.1-
ORjuniperjunosMatch16.1r
ORjuniperjunosMatch16.1r1
ORjuniperjunosMatch16.1r2
ORjuniperjunosMatch16.1r3
ORjuniperjunosMatch16.1r3-s10
ORjuniperjunosMatch16.1r3-s11
ORjuniperjunosMatch16.1r3-s8
ORjuniperjunosMatch16.1r4
ORjuniperjunosMatch16.1r4-s12
ORjuniperjunosMatch16.1r4-s2
ORjuniperjunosMatch16.1r4-s3
ORjuniperjunosMatch16.1r4-s4
ORjuniperjunosMatch16.1r4-s6
ORjuniperjunosMatch16.1r4-s8
ORjuniperjunosMatch16.1r4-s9
ORjuniperjunosMatch16.1r5
ORjuniperjunosMatch16.1r5-s4
ORjuniperjunosMatch16.1r6
ORjuniperjunosMatch16.1r6-s1
ORjuniperjunosMatch16.1r6-s3
ORjuniperjunosMatch16.1r6-s4
ORjuniperjunosMatch16.1r6-s6
ORjuniperjunosMatch16.1r7
ORjuniperjunosMatch16.1r7-s2
ORjuniperjunosMatch16.1r7-s3
ORjuniperjunosMatch16.1r7-s4
ORjuniperjunosMatch16.1r7-s5
ORjuniperjunosMatch16.1r7-s6
ORjuniperjunosMatch16.1r7-s7
ORjuniperjunosMatch17.3-
ORjuniperjunosMatch17.3r1
ORjuniperjunosMatch17.3r1-s1
ORjuniperjunosMatch17.3r1-s4
ORjuniperjunosMatch17.3r2
ORjuniperjunosMatch17.3r2-s1
ORjuniperjunosMatch17.3r2-s2
ORjuniperjunosMatch17.3r2-s3
ORjuniperjunosMatch17.3r2-s4
ORjuniperjunosMatch17.3r2-s5
ORjuniperjunosMatch17.3r3
ORjuniperjunosMatch17.3r3-
ORjuniperjunosMatch17.3r3-s1
ORjuniperjunosMatch17.3r3-s2
ORjuniperjunosMatch17.3r3-s3
ORjuniperjunosMatch17.3r3-s4
ORjuniperjunosMatch17.3r3-s5
ORjuniperjunosMatch17.3r3-s6
ORjuniperjunosMatch17.3r3-s7
ORjuniperjunosMatch17.3r3-s8
ORjuniperjunosMatch17.3r3-s9
ORjuniperjunosMatch17.4-
ORjuniperjunosMatch17.4r1
ORjuniperjunosMatch17.4r1-s1
ORjuniperjunosMatch17.4r1-s2
ORjuniperjunosMatch17.4r1-s3
ORjuniperjunosMatch17.4r1-s4
ORjuniperjunosMatch17.4r1-s5
ORjuniperjunosMatch17.4r1-s6
ORjuniperjunosMatch17.4r1-s7
ORjuniperjunosMatch17.4r2
ORjuniperjunosMatch17.4r2-s1
ORjuniperjunosMatch17.4r2-s10
ORjuniperjunosMatch17.4r2-s11
ORjuniperjunosMatch17.4r2-s2
ORjuniperjunosMatch17.4r2-s3
ORjuniperjunosMatch17.4r2-s4
ORjuniperjunosMatch17.4r2-s5
ORjuniperjunosMatch17.4r2-s6
ORjuniperjunosMatch17.4r2-s7
ORjuniperjunosMatch17.4r2-s8
ORjuniperjunosMatch17.4r2-s9
ORjuniperjunosMatch18.1-
ORjuniperjunosMatch18.1r1
ORjuniperjunosMatch18.1r2
ORjuniperjunosMatch18.1r2-s1
ORjuniperjunosMatch18.1r2-s2
ORjuniperjunosMatch18.1r2-s4
ORjuniperjunosMatch18.1r3
ORjuniperjunosMatch18.1r3-s1
ORjuniperjunosMatch18.1r3-s10
ORjuniperjunosMatch18.1r3-s2
ORjuniperjunosMatch18.1r3-s3
ORjuniperjunosMatch18.1r3-s4
ORjuniperjunosMatch18.1r3-s5
ORjuniperjunosMatch18.1r3-s6
ORjuniperjunosMatch18.1r3-s7
ORjuniperjunosMatch18.1r3-s8
ORjuniperjunosMatch18.1r3-s9
ORjuniperjunosMatch18.2-
ORjuniperjunosMatch18.2r1
ORjuniperjunosMatch18.2r1-
ORjuniperjunosMatch18.2r1-s2
ORjuniperjunosMatch18.2r1-s3
ORjuniperjunosMatch18.2r1-s4
ORjuniperjunosMatch18.2r1-s5
ORjuniperjunosMatch18.2r2
ORjuniperjunosMatch18.2r2-s1
ORjuniperjunosMatch18.2r2-s2
ORjuniperjunosMatch18.2r2-s3
ORjuniperjunosMatch18.2r2-s4
ORjuniperjunosMatch18.2r2-s5
ORjuniperjunosMatch18.2r2-s6
ORjuniperjunosMatch18.2r2-s7
ORjuniperjunosMatch18.2r3
ORjuniperjunosMatch18.2r3-s1
ORjuniperjunosMatch18.2r3-s2
ORjuniperjunosMatch18.2r3-s3
ORjuniperjunosMatch18.2r3-s4
ORjuniperjunosMatch18.2r3-s5
ORjuniperjunosMatch18.3-
ORjuniperjunosMatch18.3r1
ORjuniperjunosMatch18.3r1-s1
ORjuniperjunosMatch18.3r1-s2
ORjuniperjunosMatch18.3r1-s3
ORjuniperjunosMatch18.3r1-s4
ORjuniperjunosMatch18.3r1-s5
ORjuniperjunosMatch18.3r1-s6
ORjuniperjunosMatch18.3r2
ORjuniperjunosMatch18.3r2-s1
ORjuniperjunosMatch18.3r2-s2
ORjuniperjunosMatch18.3r2-s3
ORjuniperjunosMatch18.3r3
ORjuniperjunosMatch18.3r3-s1
ORjuniperjunosMatch18.3r3-s2
ORjuniperjunosMatch18.4-
ORjuniperjunosMatch18.4r1
ORjuniperjunosMatch18.4r1-s1
ORjuniperjunosMatch18.4r1-s2
ORjuniperjunosMatch18.4r1-s3
ORjuniperjunosMatch18.4r1-s4
ORjuniperjunosMatch18.4r1-s5
ORjuniperjunosMatch18.4r1-s6
ORjuniperjunosMatch18.4r1-s7
ORjuniperjunosMatch18.4r2
ORjuniperjunosMatch18.4r2-s1
ORjuniperjunosMatch18.4r2-s2
ORjuniperjunosMatch18.4r2-s3
ORjuniperjunosMatch18.4r2-s4
ORjuniperjunosMatch18.4r3
ORjuniperjunosMatch18.4r3-s1
ORjuniperjunosMatch18.4r3-s2
ORjuniperjunosMatch18.4r3-s3
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.2r2
ORjuniperjunosMatch19.2r2-s1
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.2r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:* |
CNA Affected
[
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S17",
"status": "affected",
"version": "12.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D105",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D230",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S8",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S8",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S4",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S4, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S3, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S1, 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
]References
Related
nessus
nessus
Juniper Junos OS Vulnerability (JSA11152)
2021-04-15 00:00:00
cvelist
cvelist
prion
prion
Authentication flaw
2021-04-22 20:15:00
nvd
nvd
CVE-2021-0261
2021-04-22 20:15:09
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
44.5%
Related for CVE-2021-0261