CVE-2021-0239 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS Evolved

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 57.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedApr 22

Latest updateMay 24

Description

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R1-EVO

▶NVDjuniper/junos_os_evolved20.4

🔴Vulnerability Details

GHSA

GHSA-hr3q-mvqf-hmmc: In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager p↗2022-05-24

▶

CVEList

Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames.↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0239: In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager p↗2021-04-22

▶