CVE-2021-31354 — Out-of-bounds Read in Networks Junos OS

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

0.3%

top 48.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedOct 19

Latest updateMay 24

Description

An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved20.1R1-EVO — unspecified+1

▶CVEListV5juniper_networks/junos_os19.2 — 19.2R3-S3+6

▶NVDjuniper/junos_os_evolved6 versions+5

▶NVDjuniper/junos7 versions+6

🔴Vulnerability Details

GHSA

GHSA-m9gx-79mm-q64v: An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Juno↗2022-05-24

▶

CVEList

Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE)↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31354: An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Juno↗2021-10-19

▶