CVE-2021-0205: Improper Access Control in Networks Junos OS

Severity
5.8 MEDIUM (NVD)
EPSS
0.2% (top 54.24%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 15
Latest update: May 24

Description

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination. This issue affects MX Series devices using MS-MPC, MS-MIC or MS-SPC3 service cards with IDS service configured. This issue affects: Juniper Networks Junos OS 17.3 v

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 17.3 | 17.3R3-S10 | +11
NVD | juniper/junos | 12 versions | +11

🔴Vulnerability Details

2
GHSA
GHSA-pjq4-grjv-rg5j: When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or d | 2022-05-24
CVEList
Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix | 2021-01-15

📋Vendor Advisories

1
Juniper
CVE-2021-0205: When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or d | 2021-01-15
CVE-2021-0205 — Improper Access Control | cvebase