CVE-2021-0202Uncontrolled Resource Consumption in Networks Junos OS

CWE-400Uncontrolled Resource ConsumptionCWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os18.2R3-S418.2*+7
NVDjuniper/junos8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-ggwm-qq5r-j28w: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB)2022-05-24
CVEList
Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain2021-01-15

📋Vendor Advisories

1
Juniper
CVE-2021-0202: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB)2021-01-15
CVE-2021-0202 — Uncontrolled Resource Consumption | cvebase