CVE-2021-0291: Exposure of Sensitive System Information to an Unauthorized Control Sphere in Networks Junos OS

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 47.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 15; Latest update May 24

Description

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP po

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Exploitability: 3.9 | Impact: 2.5

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.3R2-EVO
CVEListV5 | juniper_networks/junos_os | 15.1 | 15.1R7-S9 | +11
NVD | juniper/junos_os_evolved | 6 versions | +5
NVD | juniper/junos | 12 versions | +11

🔴 Vulnerability Details (2)

GHSA: GHSA-hx54-cc43-34cx: An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being suffi (2022-05-24)
CVEList: Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service (2021-07-15)

📋 Vendor Advisories (1)

Juniper: CVE-2021-0291: An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being suffi (2021-07-15)