CVE-2021-0251 — NULL Pointer Dereference in Networks Junos OS

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.4%

top 39.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 22

Latest updateMay 24

Description

A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. Continu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os17.3R1 — 17.3*+8

▶NVDjuniper/junos9 versions+8

🔴Vulnerability Details

GHSA

GHSA-5jf3-q8jf-76c7: A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Serie↗2022-05-24

▶

CVEList

Junos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services service activation portal is vulnerable to a Denial of Service (DoS) via malformed HTTP packets↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0251: A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Serie↗2021-04-22

▶