Details of VAR-202104-0560

ID

VAR-202104-0560

CVE

CVE-2021-0229

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 16.1R1 and later versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The operating system provides a secure programming interface and Junos SDK

Trust: 1.62

sources: NVD: CVE-2021-0229 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372131 // VULMON: CVE-2021-0229

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0

sources: NVD: CVE-2021-0229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0229
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2021-0229
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-372131
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-0229
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0229
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-372131
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0229
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-372131 // VULMON: CVE-2021-0229 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1095 // NVD: CVE-2021-0229 // NVD: CVE-2021-0229

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.1

sources: VULHUB: VHN-372131 // NVD: CVE-2021-0229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1095

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Juniper Networks Junos OS Remediation of resource management error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147796

Trust: 0.6

sources: CNNVD: CNNVD-202104-1095

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0229	Trust: 1.8
db:	JUNIPER	id:	JSA11124	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021041909	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1095	Trust: 0.6
db:	VULHUB	id:	VHN-372131	Trust: 0.1
db:	VULMON	id:	CVE-2021-0229	Trust: 0.1

sources: VULHUB: VHN-372131 // VULMON: CVE-2021-0229 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1095 // NVD: CVE-2021-0229

REFERENCES

url:	https://kb.juniper.net/jsa11124	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041909	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0229	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372131 // VULMON: CVE-2021-0229 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1095 // NVD: CVE-2021-0229

SOURCES

db:	VULHUB	id:	VHN-372131
db:	VULMON	id:	CVE-2021-0229
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1095
db:	NVD	id:	CVE-2021-0229

LAST UPDATE DATE

2024-08-14T12:54:47.535000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372131	date:	2021-04-27T00:00:00
db:	VULMON	id:	CVE-2021-0229	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1095	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-0229	date:	2021-04-27T18:01:27.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372131	date:	2021-04-22T00:00:00
db:	VULMON	id:	CVE-2021-0229	date:	2021-04-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1095	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-0229	date:	2021-04-22T20:15:08.607