CVE-2021-0267Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.4
EPSS
0.1%
top 82.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos O

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os19.419.4R3-S1+3
NVDjuniper/junos4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-m6p4-4cgp-9hfh: An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attac2022-05-24
CVEList
Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core.2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0267: An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attac2021-04-22
CVE-2021-0267 — Improper Input Validation | cvebase