Details of VAR-202101-1392

ID

VAR-202101-1392

CVE

CVE-2021-0221

TITLE

Juniper Networks Junos OS Infinite loop vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002851

DESCRIPTION

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Juniper Networks Junos OS Exists in an infinite loop vulnerability.Denial of service (DoS) It may be put into a state. Juniper Networks Junos OS QFX is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Junos OS QFX that could be exploited by an attacker to trigger an overload through the IP multicast traffic loop of Junos QFX, thereby triggering a denial of service

Trust: 1.71

sources: NVD: CVE-2021-0221 // JVNDB: JVNDB-2021-002851 // VULHUB: VHN-372123

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002851 // NVD: CVE-2021-0221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0221
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2021-0221
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-0221
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1122
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-372123
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-0221
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-372123
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0221
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-002851
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221 // NVD: CVE-2021-0221

PROBLEMTYPE DATA

problemtype:	CWE-835	Trust: 1.1
problemtype:	CWE-703	Trust: 1.0
problemtype:	infinite loop (CWE-835) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // NVD: CVE-2021-0221

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1122

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1122

PATCH

title:	JSA11111	url:	https://kb.juniper.net/JSA11111	Trust: 0.8
title:	Juniper Networks Junos OS QFX Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139559	Trust: 0.6

sources: JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0221	Trust: 2.5
db:	JUNIPER	id:	JSA11111	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-002851	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1122	Trust: 0.7
db:	VULHUB	id:	VHN-372123	Trust: 0.1

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221

REFERENCES

url:	https://kb.juniper.net/jsa11111	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0221	Trust: 1.4
url:	https://vigilance.fr/vulnerability/junos-os-qfx-overload-via-ip-multicast-traffic-loop-34337	Trust: 0.6

sources: VULHUB: VHN-372123 // JVNDB: JVNDB-2021-002851 // CNNVD: CNNVD-202101-1122 // NVD: CVE-2021-0221

SOURCES

db:	VULHUB	id:	VHN-372123
db:	JVNDB	id:	JVNDB-2021-002851
db:	CNNVD	id:	CNNVD-202101-1122
db:	NVD	id:	CVE-2021-0221

LAST UPDATE DATE

2024-08-14T15:06:58.221000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372123	date:	2021-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-002851	date:	2021-10-06T08:28:00
db:	CNNVD	id:	CNNVD-202101-1122	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-0221	date:	2021-02-05T16:49:04.040

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372123	date:	2021-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-002851	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202101-1122	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-0221	date:	2021-01-15T18:15:15.760