CVE-2021-0244 — Race Condition in Networks Junos OS

CWE-362 — Race Condition4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 56.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 22

Latest updateMay 24

Description

A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os14.1X53 — 14.1X53-D49+13

▶NVDjuniper/junos13 versions+12

🔴Vulnerability Details

GHSA

GHSA-6w22-mmhg-hxh2: A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific pr↗2022-05-24

▶

CVEList

Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0244: A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific pr↗2021-04-22

▶