ID

VAR-202101-1392


CVE

CVE-2021-0221


TITLE

Infinite loop vulnerability in Juniper Networks Junos OS

Trust: 0.8

sources: JVNDB: JVNDB-2021-002851

DESCRIPTION

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic:

    user@junos> monitor interface traffic
    Interface    Link    Input packets         (pps)    Output packets         (pps)
    et-0/0/1       Up    6492089274364    (70994959)     6492089235319    (70994956)
    et-0/0/25      Up        343458103           (1)            156844           (0)
    ae0            Up    9132519197257    (70994959)     9132519139454    (70994956)

This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

An infinite loop vulnerability exists in Juniper Networks Junos OS. It may be put into a denial of service (DoS) state. Juniper Networks Junos OS QFX is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Junos OS QFX that could be exploited by an attacker to trigger an overload through the IP multicast traffic loop of Junos QFX, thereby triggering a denial of service.

Trust: 1.71

sources: NVD: CVE-2021-0221 // JVNDB: JVNDB-2021-002851 // VULHUB: VHN-372123

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002851 // NVD: CVE-2021-0221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0221
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0221
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-0221
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1122
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372123
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-0221
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-372123
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0221
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-002851
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221 // NVD: CVE-2021-0221

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.1

problemtype:CWE-703

Trust: 1.0

problemtype:infinite loop (CWE-835) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // NVD: CVE-2021-0221

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1122

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1122

PATCH

title: JSA11111, url: https://kb.juniper.net/JSA11111

Trust: 0.8

title: Juniper Networks Junos OS QFX Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139559

Trust: 0.6

sources: JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122

EXTERNAL IDS

db: NVD, id: CVE-2021-0221

Trust: 2.5

db: JUNIPER, id: JSA11111

Trust: 1.7

db: JVNDB, id: JVNDB-2021-002851

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1122

Trust: 0.7

db: VULHUB, id: VHN-372123

Trust: 0.1

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221

REFERENCES

url:https://kb.juniper.net/jsa11111

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-0221

Trust: 1.4

url:https://vigilance.fr/vulnerability/junos-os-qfx-overload-via-ip-multicast-traffic-loop-34337

Trust: 0.6

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221

SOURCES

db: VULHUB, id: VHN-372123
db: JVNDB, id: JVNDB-2021-002851
db: CNNVD, id: CNNVD-202101-1122
db: NVD, id: CVE-2021-0221

LAST UPDATE DATE

2024-08-14T15:06:58.221000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372123, date: 2021-02-05T00:00:00
db: JVNDB, id: JVNDB-2021-002851, date: 2021-10-06T08:28:00
db: CNNVD, id: CNNVD-202101-1122, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-0221, date: 2021-02-05T16:49:04.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372123, date: 2021-01-15T00:00:00
db: JVNDB, id: JVNDB-2021-002851, date: 2021-10-06T00:00:00
db: CNNVD, id: CNNVD-202101-1122, date: 2021-01-13T00:00:00
db: NVD, id: CVE-2021-0221, date: 2021-01-15T18:15:15.760