Lucene search

JuniperCVE-2021-31379

HistoryOct 19, 2021 - 7:15 p.m.

CVE-2021-31379

2021-10-1919:15:11

CWE-696

juniper

web.nvd.nist.gov

cve-2021-31379

vulnerability

map-e

automatic tunneling

juniper networks

junos os

denial of service

dos

security advisory

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.5%

JSON

An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC [“FPC ID” # e.g. “0”] PFE #{PFE ID # e.g. “1”] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.

Affected configurations

Nvd

Node

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s6

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r1-s8

juniperjunosMatch17.2r2

juniperjunosMatch17.2r2-s11

juniperjunosMatch17.2r2-s4

juniperjunosMatch17.2r2-s6

juniperjunosMatch17.2r2-s7

juniperjunosMatch17.2r3

juniperjunosMatch17.2r3-s1

juniperjunosMatch17.2r3-s2

juniperjunosMatch17.2r3-s3

juniperjunosMatch17.2r3-s4

juniperjunosMatch17.2x75

juniperjunosMatch17.2x75-

juniperjunosMatch17.2x75d100

juniperjunosMatch17.2x75d102

juniperjunosMatch17.2x75d110

juniperjunosMatch17.2x75d50

juniperjunosMatch17.2x75d70

juniperjunosMatch17.2x75d90

juniperjunosMatch17.2x75d91

juniperjunosMatch17.2x75d92

juniperjunosMatch17.3-

juniperjunosMatch17.3r1

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r1-s4

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r2-s5

juniperjunosMatch17.3r3

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s12

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.3r3-s5

juniperjunosMatch17.3r3-s6

juniperjunosMatch17.3r3-s7

juniperjunosMatch17.3r3-s8

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s3

juniperjunosMatch17.4r1-s4

juniperjunosMatch17.4r1-s5

juniperjunosMatch17.4r1-s6

juniperjunosMatch17.4r1-s7

juniperjunosMatch17.4r2

juniperjunosMatch17.4r2-s1

juniperjunosMatch17.4r2-s10

juniperjunosMatch17.4r2-s11

juniperjunosMatch17.4r2-s2

juniperjunosMatch17.4r2-s3

juniperjunosMatch17.4r2-s4

juniperjunosMatch17.4r2-s5

juniperjunosMatch17.4r2-s6

juniperjunosMatch17.4r2-s7

juniperjunosMatch17.4r2-s8

juniperjunosMatch17.4r2-s9

juniperjunosMatch17.4r3

juniperjunosMatch17.4r3-s1

juniperjunosMatch17.4r3-s2

juniperjunosMatch18.1-

juniperjunosMatch18.1r

juniperjunosMatch18.1r1

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s10

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

juniperjunosMatch18.1r3-s5

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.1r3-s8

juniperjunosMatch18.1r3-s9

juniperjunosMatch18.2-

juniperjunosMatch18.2r

juniperjunosMatch18.2r1

juniperjunosMatch18.2r1-

juniperjunosMatch18.2r1-s2

juniperjunosMatch18.2r1-s3

juniperjunosMatch18.2r1-s4

juniperjunosMatch18.2r1-s5

juniperjunosMatch18.2r2

juniperjunosMatch18.2r2-s1

juniperjunosMatch18.2r2-s2

juniperjunosMatch18.2r2-s3

juniperjunosMatch18.2r2-s4

juniperjunosMatch18.2r2-s5

juniperjunosMatch18.2r3

juniperjunosMatch18.2r3-s1

juniperjunosMatch18.2r3-s2

juniperjunosMatch18.3-

juniperjunosMatch18.3r

juniperjunosMatch18.3r1

juniperjunosMatch18.3r1-s1

juniperjunosMatch18.3r1-s2

juniperjunosMatch18.3r1-s3

juniperjunosMatch18.3r1-s4

juniperjunosMatch18.3r1-s5

juniperjunosMatch18.3r1-s6

juniperjunosMatch18.3r2

juniperjunosMatch18.3r2-s1

juniperjunosMatch18.3r2-s2

juniperjunosMatch18.3r2-s3

juniperjunosMatch18.3r3

juniperjunosMatch18.4-

juniperjunosMatch18.4r1

juniperjunosMatch18.4r1-s1

juniperjunosMatch18.4r1-s2

juniperjunosMatch18.4r1-s3

juniperjunosMatch18.4r1-s4

juniperjunosMatch18.4r1-s5

juniperjunosMatch18.4r1-s6

juniperjunosMatch18.4r1-s7

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s2

juniperjunosMatch18.4r2-s3

juniperjunosMatch18.4r2-s4

juniperjunosMatch19.1-

juniperjunosMatch19.1r1

juniperjunosMatch19.1r1-s1

juniperjunosMatch19.1r1-s2

juniperjunosMatch19.1r1-s3

juniperjunosMatch19.1r1-s4

juniperjunosMatch19.1r1-s5

juniperjunosMatch19.1r2

juniperjunosMatch19.1r2-s1

juniperjunosMatch19.2-

juniperjunosMatch19.2r1

juniperjunosMatch19.2r1-s1

juniperjunosMatch19.2r1-s2

juniperjunosMatch19.2r1-s3

juniperjunosMatch19.2r1-s4

juniperjunosMatch19.3-

juniperjunosMatch19.3r1

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

juniperjunosMatch19.3r2-s2

juniperjunosMatch19.3r2-s3

juniperjunosMatch19.3r2-s4

AND

junipermx10Match-

junipermx10000Match-

junipermx10003Match-

junipermx10008Match-

junipermx10016Match-

junipermx104Match-

junipermx150Match-

junipermx2008Match-

junipermx2010Match-

junipermx2020Match-

junipermx204Match-

junipermx240Match-

junipermx40Match-

junipermx480Match-

junipermx5Match-

junipermx80Match-

junipermx960Match-

VendorProductVersionCPE
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s6:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s1::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s2::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s3::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s4::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s5::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s6::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s7::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s8::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r2::::::

Rows per page:

1-10 of 1761

CNA Affected

[
  {
    "platforms": [
      "MX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2*",
        "status": "affected",
        "version": "17.2R1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S9",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S12, 17.4R3-S3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S11",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2-S6, 18.2R3-S3",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2-S4, 18.3R3-S1",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S8, 18.4R2-S5, 18.4R3",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S5, 19.2R2",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R2-S5, 19.3R3",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11247

www.juniper.net/documentation/en_US/junos/topics/topic-map/map-e-configuring.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.5%

JSON

Related for CVE-2021-31379