CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.6%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11239 advisory. On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 91f4a00bf68efa98882b662195f64134048de368cb1543f38444bc9c99cb4529789620c1892cb1d994ebde5dcaaf9b23b49675aa67c8e6bd78f57d3e0139e059d5ba25fc8a428b3335ddc0d1cf0c1a0f3ad515ebfc11568cdb27fe30f095b7d90c1ab3707d6eab501efd7f62aa01607ba16cc81a18ef5ad97251638d96d0200dbd3e27206620aab0db41b8b61d772129f4d8657d7a9e488a7e5588b0596a6725d5af1705c2b4f8945a6a002f437637ca9edf120e8fbb0e53b81106e4a102945abe0f78876d049079fac30dc9d238fea4cd5319758d5c8ecdd603f72ced8c601a19252969a37cad6f236f1dfbdd9dd59cae374b158cb38eab0f510edca2aef51a8ee84e3ed19753656db3795f501104f62ac3f292840daca5ae286c67138ec85389e8492c17e50fdef2f4fef42b94233fdb613136efef738ea65e0678df36bf27d857c61b0f779280e03983c6fbf7990c510248759f02e89fc9329f7701b8c6405809ad02970e2a1db3e29b0216a142342ed29d9118bd6339030c1e3371d671706c35f607e49b3dea4fc50e2098218e4e60ecc302ffa444f63ef90ef7f9fab507b5bb3da73c01120d3f630d6f088c0a1b038f646890560e9e6e93bc3d4a939eb7c7444f397577a22b9ec3cd6e35e0c181c08134f6e4717540666a82d4a0de185bbdc6958b2740e906d1ed79d0f577a4ab70ce39dc814b2b1baf8e9ecb85089893
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159280);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/26");
script_cve_id("CVE-2021-31374");
script_xref(name:"JSA", value:"JSA11239");
script_xref(name:"IAVA", value:"2021-A-0478-S");
script_name(english:"Juniper Junos OS DoS (JSA11239)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11239
advisory. On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or
KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS).
Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This
issue affects both IBGP and EBGP deployments over IPv4 or IPv6.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA11239");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA11239");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-31374");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/29");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include('junos.inc');
include('junos_kb_cmd_func.inc');
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'17.3', 'fixed_ver':'17.3R3-S11'},
{'min_ver':'17.4', 'fixed_ver':'17.4R2-S13'},
{'min_ver':'17.4R3', 'fixed_ver':'17.4R3-S4'},
{'min_ver':'18.1', 'fixed_ver':'18.1R3-S12'},
{'min_ver':'18.2', 'fixed_ver':'18.2R2-S8'},
{'min_ver':'18.2R3', 'fixed_ver':'18.2R3-S7'},
{'min_ver':'18.3', 'fixed_ver':'18.3R3-S4'},
{'min_ver':'18.4', 'fixed_ver':'18.4R1-S8'},
{'min_ver':'18.4R2', 'fixed_ver':'18.4R2-S7'},
{'min_ver':'18.4R3', 'fixed_ver':'18.4R3-S7'},
{'min_ver':'19.1', 'fixed_ver':'19.1R1-S6'},
{'min_ver':'19.1R2', 'fixed_ver':'19.1R2-S2'},
{'min_ver':'19.1R3', 'fixed_ver':'19.1R3-S4'},
{'min_ver':'19.2', 'fixed_ver':'19.2R1-S6'},
{'min_ver':'19.2R2', 'fixed_ver':'19.2R3-S1'},
{'min_ver':'19.3', 'fixed_ver':'19.3R2-S5'},
{'min_ver':'19.3R3', 'fixed_ver':'19.3R3-S1'},
{'min_ver':'19.4', 'fixed_ver':'19.4R1-S4'},
{'min_ver':'19.4R2', 'fixed_ver':'19.4R2-S3'},
{'min_ver':'19.4R3', 'fixed_ver':'19.4R3-S1'},
{'min_ver':'20.1', 'fixed_ver':'20.1R2'},
{'min_ver':'20.2', 'fixed_ver':'20.2R2'},
{'min_ver':'20.3', 'fixed_ver':'20.3R1-S1', 'fixed_display': '20.3R1-S1, 20.3R2'}
];
# BGP must be enabled
override = TRUE;
var buf = junos_command_kb_item(cmd:'show bgp neighbor');
if (buf)
{
override = FALSE;
if (preg(string:buf, pattern:"BGP.* is not running", icase:TRUE, multiline:TRUE))
audit(AUDIT_HOST_NOT, "affected because BGP is not enabled");
# A BGP peering session is established.
# EX. Peer: 192.168.40.4+179 AS 17 Local: 192.168.6.5+56466 AS 17
# Type: Internal State: Established Flags: Sync
# Last State: OpenConfirm Last Event: RecvKeepAlive
if (!preg(string:buf, pattern:"Peer:.*State: Established", icase:TRUE, multiline:TRUE))
audit(AUDIT_HOST_NOT, "affected because BGP peering session is not established");
}
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.6%