ID

VAR-202107-0488


CVE

CVE-2021-0277


TITLE

Juniper Networks Junos OS and Junos OS Evolved Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-1052

DESCRIPTION

An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition.

This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 1.62

sources: NVD: CVE-2021-0277 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372179 // VULMON: CVE-2021-0277

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

sources: NVD: CVE-2021-0277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0277
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0277
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202107-1052
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372179
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0277
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372179
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0277
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372179 // CNNVD: CNNVD-202107-1052 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-0277 // NVD: CVE-2021-0277

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-372179 // NVD: CVE-2021-0277

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1052

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202107-1052

PATCH

title: Threatpost, url: https://threatpost.com/critical-juniper-bug-dos-rce-carrier/167869/

Trust: 0.1

sources: VULMON: CVE-2021-0277

EXTERNAL IDS

db: JUNIPER, id: JSA11181

Trust: 1.8

db: NVD, id: CVE-2021-0277

Trust: 1.8

db: CNNVD, id: CNNVD-202107-1052

Trust: 0.7

db: CS-HELP, id: SB2021072021

Trust: 0.6

db: AUSCERT, id: ESB-2021.2391

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-372179

Trust: 0.1

db: VULMON, id: CVE-2021-0277

Trust: 0.1

sources: VULHUB: VHN-372179 // VULMON: CVE-2021-0277 // CNNVD: CNNVD-202107-1052 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-0277

REFERENCES

url:https://kb.juniper.net/jsa11181

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021072021

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2391

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-juniper-bug-dos-rce-carrier/167869/

Trust: 0.1

sources: VULHUB: VHN-372179 // VULMON: CVE-2021-0277 // CNNVD: CNNVD-202107-1052 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-0277

SOURCES

db: VULHUB, id: VHN-372179
db: VULMON, id: CVE-2021-0277
db: CNNVD, id: CNNVD-202107-1052
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-0277

LAST UPDATE DATE

2024-08-14T12:12:00.588000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372179, date: 2021-07-28T00:00:00
db: VULMON, id: CVE-2021-0277, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202107-1052, date: 2021-08-02T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-0277, date: 2021-07-28T14:20:46.147

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372179, date: 2021-07-15T00:00:00
db: VULMON, id: CVE-2021-0277, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202107-1052, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-0277, date: 2021-07-15T20:15:09.370