CVE-2021-0295 — Incorrect Comparison in Networks Junos OS

CWE-697 — Incorrect Comparison4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 71.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 15

Latest updateMay 24

Description

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os17.3 — 17.3R3-S12+13

▶NVDjuniper/junos14 versions+13

🔴Vulnerability Details

GHSA

GHSA-cggm-fw5p-7282: A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacke↗2022-05-24

▶

CVEList

Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of DVMRP packets received on multi-homing ESI in VXLAN.↗2021-07-15

▶

📋Vendor Advisories

Juniper

CVE-2021-0295: A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacke↗2021-07-15

▶