JuniperCVELIST:CVE-2021-0276CVE-2021-0276 Steel-Belted Radius Carrier Edition: Remote code execution vulnerability when EAP Authentication is configured.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.9%
A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4.
CNA Affected
[
{
"product": "SBR Carrier",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "8.4.1R19",
"status": "affected",
"version": "8.4.1",
"versionType": "custom"
},
{
"lessThan": "8.5.0R10",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"lessThan": "8.6.0R4",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
}
]
}
]References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.9%