Lucene search

JuniperCVE-2021-0270

HistoryApr 22, 2021 - 8:15 p.m.

CVE-2021-0270

2021-04-2220:15:10

CWE-362

CWE-416

juniper

web.nvd.nist.gov

cve-2021-0270

juniper networks

junos os

ptx series

qfx10k series

vulnerability

dos

packet forwarding engine

microkernel

race condition

bgp

igp

fpcs

network instability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

On PTX Series and QFX10k Series devices with the “inline-jflow” feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active “traffic flows” are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. Sustained receipt of large traffic flows and reconvergence-like situations may sustain the Denial of Service (DoS) situation. This issue affects: Juniper Networks Junos OS: 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series, QFX10K Series.

Affected configurations

Nvd

Node

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

juniperjunosMatch18.1r3-s5

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.1r3-s8

juniperjunosMatch18.1r3-s9

AND

juniperptx1000Match-

juniperptx10001-36mrMatch-

juniperptx10002Match-

juniperptx10003Match-

juniperptx10004Match-

juniperptx10008Match-

juniperptx10016Match-

juniperptx3000Match-

juniperptx5000Match-

juniperqfx10002Match-

juniperqfx10008Match-

juniperqfx10016Match-

VendorProductVersionCPE
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r2::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s5::::::

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "platforms": [
      "PTX Series, QFX10K Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "18.1R3-S10",
            "status": "affected"
          }
        ],
        "lessThan": "18.1*",
        "status": "affected",
        "version": "18.1R2",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11161

www.juniper.net/documentation/en_US/junos/topics/task/configuration/inline-flow-monitoring-ptx.html

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

Related for CVE-2021-0270