Lucene search
HistoryJul 15, 2021 - 8:15 p.m.
CVE-2021-0277
out-of-bounds read
junos os
junos os evolved
lldp frames
remote code execution
denial of service
CVSS2
5.8
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
55.5%
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO.
Affected configurations
Node
juniperjunosMatch12.3-
ORjuniperjunosMatch12.3r1
ORjuniperjunosMatch12.3r10
ORjuniperjunosMatch12.3r10-s1
ORjuniperjunosMatch12.3r10-s2
ORjuniperjunosMatch12.3r11
ORjuniperjunosMatch12.3r12
ORjuniperjunosMatch12.3r12-s1
ORjuniperjunosMatch12.3r12-s10
ORjuniperjunosMatch12.3r12-s11
ORjuniperjunosMatch12.3r12-s12
ORjuniperjunosMatch12.3r12-s13
ORjuniperjunosMatch12.3r12-s14
ORjuniperjunosMatch12.3r12-s15
ORjuniperjunosMatch12.3r12-s16
ORjuniperjunosMatch12.3r12-s17
ORjuniperjunosMatch12.3r12-s3
ORjuniperjunosMatch12.3r12-s4
ORjuniperjunosMatch12.3r12-s6
ORjuniperjunosMatch12.3r12-s8
ORjuniperjunosMatch15.1-
ORjuniperjunosMatch15.1a1
ORjuniperjunosMatch15.1f
ORjuniperjunosMatch15.1f1
ORjuniperjunosMatch15.1f2
ORjuniperjunosMatch15.1f2-s1
ORjuniperjunosMatch15.1f2-s2
ORjuniperjunosMatch15.1f2-s3
ORjuniperjunosMatch15.1f2-s4
ORjuniperjunosMatch15.1f3
ORjuniperjunosMatch15.1f4
ORjuniperjunosMatch15.1f5
ORjuniperjunosMatch15.1f5-s7
ORjuniperjunosMatch15.1f6
ORjuniperjunosMatch15.1f6-s1
ORjuniperjunosMatch15.1f6-s10
ORjuniperjunosMatch15.1f6-s12
ORjuniperjunosMatch15.1f6-s2
ORjuniperjunosMatch15.1f6-s3
ORjuniperjunosMatch15.1f6-s4
ORjuniperjunosMatch15.1f6-s5
ORjuniperjunosMatch15.1f6-s6
ORjuniperjunosMatch15.1f6-s7
ORjuniperjunosMatch15.1f6-s8
ORjuniperjunosMatch15.1f6-s9
ORjuniperjunosMatch15.1f7
ORjuniperjunosMatch15.1r
ORjuniperjunosMatch15.1r1
ORjuniperjunosMatch15.1r2
ORjuniperjunosMatch15.1r3
ORjuniperjunosMatch15.1r4
ORjuniperjunosMatch15.1r4-s7
ORjuniperjunosMatch15.1r4-s8
ORjuniperjunosMatch15.1r4-s9
ORjuniperjunosMatch15.1r5
ORjuniperjunosMatch15.1r5-s1
ORjuniperjunosMatch15.1r5-s3
ORjuniperjunosMatch15.1r5-s5
ORjuniperjunosMatch15.1r5-s6
ORjuniperjunosMatch15.1r6
ORjuniperjunosMatch15.1r6-s1
ORjuniperjunosMatch15.1r6-s2
ORjuniperjunosMatch15.1r6-s3
ORjuniperjunosMatch15.1r6-s4
ORjuniperjunosMatch15.1r6-s6
ORjuniperjunosMatch15.1r7
ORjuniperjunosMatch15.1r7-s1
ORjuniperjunosMatch15.1r7-s2
ORjuniperjunosMatch15.1r7-s3
ORjuniperjunosMatch15.1r7-s4
ORjuniperjunosMatch15.1r7-s5
ORjuniperjunosMatch15.1r7-s6
ORjuniperjunosMatch15.1r7-s7
ORjuniperjunosMatch15.1r7-s8
ORjuniperjunosMatch17.3-
ORjuniperjunosMatch17.3r1
ORjuniperjunosMatch17.3r1-s1
ORjuniperjunosMatch17.3r1-s4
ORjuniperjunosMatch17.3r2
ORjuniperjunosMatch17.3r2-s1
ORjuniperjunosMatch17.3r2-s2
ORjuniperjunosMatch17.3r2-s3
ORjuniperjunosMatch17.3r2-s4
ORjuniperjunosMatch17.3r2-s5
ORjuniperjunosMatch17.3r3
ORjuniperjunosMatch17.3r3-
ORjuniperjunosMatch17.3r3-s1
ORjuniperjunosMatch17.3r3-s10
ORjuniperjunosMatch17.3r3-s11
ORjuniperjunosMatch17.3r3-s2
ORjuniperjunosMatch17.3r3-s3
ORjuniperjunosMatch17.3r3-s4
ORjuniperjunosMatch17.3r3-s5
ORjuniperjunosMatch17.3r3-s6
ORjuniperjunosMatch17.3r3-s7
ORjuniperjunosMatch17.3r3-s8
ORjuniperjunosMatch17.3r3-s9
ORjuniperjunosMatch17.4-
ORjuniperjunosMatch17.4r1
ORjuniperjunosMatch17.4r1-s1
ORjuniperjunosMatch17.4r1-s2
ORjuniperjunosMatch17.4r1-s3
ORjuniperjunosMatch17.4r1-s4
ORjuniperjunosMatch17.4r1-s5
ORjuniperjunosMatch17.4r1-s6
ORjuniperjunosMatch17.4r1-s7
ORjuniperjunosMatch17.4r2
ORjuniperjunosMatch17.4r2-s1
ORjuniperjunosMatch17.4r2-s10
ORjuniperjunosMatch17.4r2-s11
ORjuniperjunosMatch17.4r2-s12
ORjuniperjunosMatch17.4r2-s2
ORjuniperjunosMatch17.4r2-s3
ORjuniperjunosMatch17.4r2-s4
ORjuniperjunosMatch17.4r2-s5
ORjuniperjunosMatch17.4r2-s6
ORjuniperjunosMatch17.4r2-s7
ORjuniperjunosMatch17.4r2-s8
ORjuniperjunosMatch17.4r2-s9
ORjuniperjunosMatch17.4r3
ORjuniperjunosMatch17.4r3-s1
ORjuniperjunosMatch17.4r3-s2
ORjuniperjunosMatch17.4r3-s3
ORjuniperjunosMatch17.4r3-s4
ORjuniperjunosMatch18.1-
ORjuniperjunosMatch18.1r1
ORjuniperjunosMatch18.1r2
ORjuniperjunosMatch18.1r2-s1
ORjuniperjunosMatch18.1r2-s2
ORjuniperjunosMatch18.1r2-s4
ORjuniperjunosMatch18.1r3
ORjuniperjunosMatch18.1r3-s1
ORjuniperjunosMatch18.1r3-s10
ORjuniperjunosMatch18.1r3-s11
ORjuniperjunosMatch18.1r3-s12
ORjuniperjunosMatch18.1r3-s2
ORjuniperjunosMatch18.1r3-s3
ORjuniperjunosMatch18.1r3-s4
ORjuniperjunosMatch18.1r3-s5
ORjuniperjunosMatch18.1r3-s6
ORjuniperjunosMatch18.1r3-s7
ORjuniperjunosMatch18.1r3-s8
ORjuniperjunosMatch18.1r3-s9
ORjuniperjunosMatch18.2-
ORjuniperjunosMatch18.2r1
ORjuniperjunosMatch18.2r1-
ORjuniperjunosMatch18.2r1-s2
ORjuniperjunosMatch18.2r1-s3
ORjuniperjunosMatch18.2r1-s4
ORjuniperjunosMatch18.2r1-s5
ORjuniperjunosMatch18.2r2
ORjuniperjunosMatch18.2r2-s1
ORjuniperjunosMatch18.2r2-s2
ORjuniperjunosMatch18.2r2-s3
ORjuniperjunosMatch18.2r2-s4
ORjuniperjunosMatch18.2r2-s5
ORjuniperjunosMatch18.2r2-s6
ORjuniperjunosMatch18.2r2-s7
ORjuniperjunosMatch18.2r3
ORjuniperjunosMatch18.2r3-s1
ORjuniperjunosMatch18.2r3-s2
ORjuniperjunosMatch18.2r3-s3
ORjuniperjunosMatch18.2r3-s4
ORjuniperjunosMatch18.2r3-s5
ORjuniperjunosMatch18.2r3-s6
ORjuniperjunosMatch18.2r3-s7
ORjuniperjunosMatch18.4-
ORjuniperjunosMatch18.4r1
ORjuniperjunosMatch18.4r1-s1
ORjuniperjunosMatch18.4r1-s2
ORjuniperjunosMatch18.4r1-s3
ORjuniperjunosMatch18.4r1-s4
ORjuniperjunosMatch18.4r1-s5
ORjuniperjunosMatch18.4r1-s6
ORjuniperjunosMatch18.4r1-s7
ORjuniperjunosMatch18.4r2
ORjuniperjunosMatch18.4r2-s1
ORjuniperjunosMatch18.4r2-s2
ORjuniperjunosMatch18.4r2-s3
ORjuniperjunosMatch18.4r2-s4
ORjuniperjunosMatch18.4r2-s5
ORjuniperjunosMatch18.4r2-s6
ORjuniperjunosMatch18.4r2-s7
ORjuniperjunosMatch18.4r3
ORjuniperjunosMatch18.4r3-s1
ORjuniperjunosMatch18.4r3-s2
ORjuniperjunosMatch18.4r3-s3
ORjuniperjunosMatch18.4r3-s4
ORjuniperjunosMatch18.4r3-s5
ORjuniperjunosMatch18.4r3-s6
ORjuniperjunosMatch18.4r3-s7
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r1-s6
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r2-s2
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.1r3-s2
ORjuniperjunosMatch19.1r3-s3
ORjuniperjunosMatch19.1r3-s4
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.2r1-s5
ORjuniperjunosMatch19.2r1-s6
ORjuniperjunosMatch19.2r2
ORjuniperjunosMatch19.2r2-s1
ORjuniperjunosMatch19.2r3
ORjuniperjunosMatch19.2r3-s1
ORjuniperjunosMatch19.2r3-s2
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.3r2-s4
ORjuniperjunosMatch19.3r2-s5
ORjuniperjunosMatch19.3r3
ORjuniperjunosMatch19.3r3-s1
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r1-s3
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch19.4r2-s2
ORjuniperjunosMatch19.4r2-s3
ORjuniperjunosMatch19.4r3
ORjuniperjunosMatch19.4r3-s1
ORjuniperjunosMatch19.4r3-s2
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.1r1-s3
ORjuniperjunosMatch20.1r1-s4
ORjuniperjunosMatch20.1r2
ORjuniperjunosMatch20.1r2-s1
ORjuniperjunosMatch20.2r1
ORjuniperjunosMatch20.2r1-s1
ORjuniperjunosMatch20.2r1-s2
ORjuniperjunosMatch20.2r1-s3
ORjuniperjunosMatch20.2r2
ORjuniperjunosMatch20.2r2-s1
ORjuniperjunosMatch20.2r2-s2
ORjuniperjunosMatch20.2r2-s3
ORjuniperjunosMatch20.2r3
ORjuniperjunosMatch20.3r1
ORjuniperjunosMatch20.3r1-s1
ORjuniperjunosMatch20.3r2
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:* |
References
Related
prion
prion
Design/Logic Flaw
2021-07-15 20:15:00
cvelist
cvelist
cve
cve
CVE-2021-0277
2021-07-15 20:15:09
nessus
nessus
Juniper Junos OS Vulnerability (JSA11181)
2021-07-14 00:00:00
threatpost
threatpost
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
2021-07-16 17:17:19
CVSS2
5.8
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
55.5%
Related for NVD:CVE-2021-0277