ID

VAR-202101-1886


CVE

CVE-2021-0209


TITLE

Juniper Networks Junos OS Evolved Vulnerability in accessing uninitialized pointers in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002743

DESCRIPTION

In Juniper Networks Junos OS Evolved, an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer, causing RPD to core and leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command "show system core-dumps". This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Trust: 1.71

sources: NVD: CVE-2021-0209 // JVNDB: JVNDB-2021-002743 // VULHUB: VHN-372111

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: ジュニパーネットワークス, model: junos os evolved, scope: -, version: -

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002743 // NVD: CVE-2021-0209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0209
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0209
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-0209
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1112
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372111
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0209
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-372111
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0209
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-002743
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372111 // JVNDB: JVNDB-2021-002743 // CNNVD: CNNVD-202101-1112 // NVD: CVE-2021-0209 // NVD: CVE-2021-0209

PROBLEMTYPE DATA

problemtype: CWE-824

Trust: 1.1

problemtype: Accessing uninitialized pointers (CWE-824) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-372111 // JVNDB: JVNDB-2021-002743 // NVD: CVE-2021-0209

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1112

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1112

PATCH

title: JSA11099, url: https://kb.juniper.net/JSA11099

Trust: 0.8

title: Juniper Networks Junos OS Evolved Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139553

Trust: 0.6

sources: JVNDB: JVNDB-2021-002743 // CNNVD: CNNVD-202101-1112

EXTERNAL IDS

db: NVD, id: CVE-2021-0209

Trust: 2.5

db: JUNIPER, id: JSA11099

Trust: 1.7

db: JVNDB, id: JVNDB-2021-002743

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1112

Trust: 0.7

db: VULHUB, id: VHN-372111

Trust: 0.1

sources: VULHUB: VHN-372111 // JVNDB: JVNDB-2021-002743 // CNNVD: CNNVD-202101-1112 // NVD: CVE-2021-0209

REFERENCES

url: https://kb.juniper.net/jsa11099

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-0209

Trust: 1.4

url: https://vigilance.fr/vulnerability/junos-os-evolved-denial-of-service-via-bgp-update-regex-34329

Trust: 0.6

sources: VULHUB: VHN-372111 // JVNDB: JVNDB-2021-002743 // CNNVD: CNNVD-202101-1112 // NVD: CVE-2021-0209

SOURCES

db: VULHUB, id: VHN-372111
db: JVNDB, id: JVNDB-2021-002743
db: CNNVD, id: CNNVD-202101-1112
db: NVD, id: CVE-2021-0209

LAST UPDATE DATE

2024-08-14T15:12:00.809000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372111, date: 2021-10-25T00:00:00
db: JVNDB, id: JVNDB-2021-002743, date: 2021-09-29T08:26:00
db: CNNVD, id: CNNVD-202101-1112, date: 2021-01-25T00:00:00
db: NVD, id: CVE-2021-0209, date: 2021-10-25T15:20:20.700

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372111, date: 2021-01-15T00:00:00
db: JVNDB, id: JVNDB-2021-002743, date: 2021-09-29T00:00:00
db: CNNVD, id: CNNVD-202101-1112, date: 2021-01-13T00:00:00
db: NVD, id: CVE-2021-0209, date: 2021-01-15T18:15:15.027