CVE-2021-0230: Uncontrolled Resource Consumption in Juniper Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 39.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; latest update May 24

Description

On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens:
/kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72
/kernel: rt_pfe_v

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 17.1R317.1* (+12)
NVD: juniper/junos, 14 versions (+13)

🔴 Vulnerability Details (2)

GHSA: GHSA-vmwj-88gq-629h: On Juniper Networks Junos OS platforms with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface (2022-05-24)
CVEList: Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics (2021-04-22)

📋 Vendor Advisories (2)

Juniper: CVE-2021-0230: On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface (2021-04-22)
Oracle: Oracle Financial Services Applications Risk Matrix: User Interface (Apache Struts) — CVE-2019-0230 (2021-01-15)
CVE-2021-0230 — Uncontrolled Resource Consumption | cvebase