CVE-2021-0277 — Out-of-bounds Read in Networks Junos OS

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 54.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos

Timeline

PublishedJul 15

Latest updateMay 24

Description

An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Network…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R2-EVO

▶CVEListV5juniper_networks/junos_os12.3 — 12.3R12-S18+15

▶NVDjuniper/junos15 versions+14

🔴Vulnerability Details

GHSA

GHSA-8hcm-429r-wxhf: An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Netwo↗2022-05-24

▶

CVEList

Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd↗2021-07-15

▶

📋Vendor Advisories

Juniper

CVE-2021-0277: An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Netwo↗2021-07-15

▶