CVE-2021-0208: Improper Input Validation in Networks Junos OS

Severity: 8.8 HIGH (NVD)
EPSS: 0.2% (top 62.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 15; latest update May 24

Description

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versio

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 19.3 | 19.3R2-S5-EVO | +2
CVEListV5 | juniper_networks/junos_os | unspecified | 17.3R3-S10 | +11
NVD | juniper/junos_os_evolved | 19.3, 19.4, 20.1 | +2
NVD | juniper/junos | 12 versions | +11

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-456m-cqc5-g822: An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malf

CVEList (2021-01-15)
Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.

📋 Vendor Advisories (1)

Juniper (2021-01-15)
CVE-2021-0208: An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malf