CVE-2021-0257Uncontrolled Resource Consumption in Networks Junos OS

CWE-400Uncontrolled Resource ConsumptionCWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 76.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is r

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.317.3R3-S10+9
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-gcm7-8qcf-55m9: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB2022-05-24
CVEList
Junos OS: MX Series, EX9200 Series: Trio-based MPCs memory leak in VPLS with integrated routing and bridging (IRB) interface2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0257: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB2021-04-22
CVE-2021-0257 — Uncontrolled Resource Consumption | cvebase