CVE-2021-0282 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 41.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 15

Latest updateMay 24

Description

On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os12.3 — 12.3R12-S18+8

▶NVDjuniper/junos9 versions+8

🔴Vulnerability Details

GHSA

GHSA-26fj-m6r6-qg3j: On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon↗2022-05-24

▶

CVEList

Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled↗2021-07-15

▶

📋Vendor Advisories

Juniper

CVE-2021-0282: On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon↗2021-07-15

▶