CVE-2021-0229: Uncontrolled Resource Consumption in Networks Junos OS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.5% (top 32.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; latest update May 24

Description

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os, 16.1R1, 16.1* (+13)
NVD: juniper/junos, 17 versions (+16)

🔴 Vulnerability Details (2)

GHSA: GHSA-9m37-9r6q-24ch: An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker (2022-05-24)
CVEList: Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server (2021-04-22)

📋 Vendor Advisories (1)

Juniper: CVE-2021-0229: An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker (2021-04-22)
CVE-2021-0229 — Uncontrolled Resource Consumption | cvebase