CVE-2021-0228Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754Improper Check for Unusual or Exceptional Conditions6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 76.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of this specific Layer 2 frames will sustain the Denial of Servic

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os15.115.1R7-S9+13
NVDjuniper/junos14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-389v-3v24-gh3w: An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concen2022-05-24
CVEList
Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment2021-04-22

📋Vendor Advisories

3
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Onboarding (Apache PDFbox) — CVE-2019-02282021-07-15
Juniper
CVE-2021-0228: An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concen2021-04-22
Oracle
Oracle Oracle Communications Applications Risk Matrix: Message Store (Apache PDFBox) — CVE-2019-02282021-04-15
CVE-2021-0228 — Juniper Networks Junos OS vulnerability | cvebase