CVE-2021-0259: Improper Handling of Exceptional Conditions in Networks Junos OS

Severity: 7.4 HIGH (NVD)
EPSS: 0.1% (top 71.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; Latest update May 24

Description

Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traf

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.3R2-EVO
CVEListV5 | juniper_networks/junos_os | 17.3 | 17.3R3-S11 | +12
NVD | juniper/junos_os_evolved | 7 versions | +6
NVD | juniper/junos | 13 versions | +12

Vulnerability Details (2)

GHSA: GHSA-m8qm-rfm2-9pjv: Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instabi (2022-05-24)
CVEList: Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario (2021-04-22)

Vendor Advisories (1)

Juniper: CVE-2021-0259: Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instabi (2021-04-22)
CVE-2021-0259 — Juniper Networks Junos OS vulnerability | cvebase