ID

VAR-202104-0566


CVE

CVE-2021-0241


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202104-1039

DESCRIPTION

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time

Trust: 1.08

sources: NVD: CVE-2021-0241 // VULHUB: VHN-372143 // VULMON: CVE-2021-0241

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

sources: NVD: CVE-2021-0241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0241
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0241
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-1039
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372143
value: LOW

Trust: 0.1

VULMON: CVE-2021-0241
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0241
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372143
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULMON: CVE-2021-0241
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0241
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-0241
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372143 // VULMON: CVE-2021-0241 // CNNVD: CNNVD-202104-1039 // NVD: CVE-2021-0241 // NVD: CVE-2021-0241

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-703

Trust: 1.0

sources: VULHUB: VHN-372143 // NVD: CVE-2021-0241

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1039

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1039

PATCH

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148285

Trust: 0.6

sources: CNNVD: CNNVD-202104-1039

EXTERNAL IDS

db:JUNIPERid:JSA11168

Trust: 1.8

db:NVDid:CVE-2021-0241

Trust: 1.8

db:CNNVDid:CNNVD-202104-1039

Trust: 0.6

db:VULHUBid:VHN-372143

Trust: 0.1

db:VULMONid:CVE-2021-0241

Trust: 0.1

sources: VULHUB: VHN-372143 // VULMON: CVE-2021-0241 // CNNVD: CNNVD-202104-1039 // NVD: CVE-2021-0241

REFERENCES

url:https://kb.juniper.net/jsa11168

Trust: 1.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0241

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372143 // VULMON: CVE-2021-0241 // CNNVD: CNNVD-202104-1039 // NVD: CVE-2021-0241

SOURCES

db:VULHUBid:VHN-372143
db:VULMONid:CVE-2021-0241
db:CNNVDid:CNNVD-202104-1039
db:NVDid:CVE-2021-0241

LAST UPDATE DATE

2024-08-14T13:54:06.233000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372143date:2021-07-23T00:00:00
db:VULMONid:CVE-2021-0241date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202104-1039date:2021-08-12T00:00:00
db:NVDid:CVE-2021-0241date:2021-07-23T19:10:02.257

SOURCES RELEASE DATE

db:VULHUBid:VHN-372143date:2021-04-22T00:00:00
db:VULMONid:CVE-2021-0241date:2021-04-22T00:00:00
db:CNNVDid:CNNVD-202104-1039date:2021-04-14T00:00:00
db:NVDid:CVE-2021-0241date:2021-04-22T20:15:09.023