CVE-2021-0221: Improper Check or Handling of Exceptional Conditions in Juniper Networks Junos OS

Severity
NVD: 6.5 MEDIUM
OSV: 6.1
EPSS: 0.1% (top 76.21%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 15
Latest update: Jul 23

Description

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic:

    user@junos> monitor interface traffic
    Interface Link Input packets (pps) Output packets (pps)
    et-0/0/1 Up 64920

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified 17.3R3-S10 | +11
NVD | juniper/junos | 12 versions | +11

Vulnerability Details (3)

OSV, 2024-07-23: tomcat vulnerabilities
GHSA, 2022-05-24: GHSA-86fx-vw86-g82j: In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of sp
CVEList, 2021-01-15: Junos OS: QFX Series: Traffic loop Denial of Service (DoS) upon receipt of specific IP multicast traffic

Vendor Advisories (2)

Oracle, 2021-04-15: Oracle Oracle Fusion Middleware Risk Matrix: BI Platform Security (Apache Tomcat) — CVE-2019-0221
Juniper, 2021-01-15: CVE-2021-0221: In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of sp