ID

VAR-202107-1231


CVE

CVE-2021-0291


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed.

This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-0291 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372193 // VULMON: CVE-2021-0291

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

sources: NVD: CVE-2021-0291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0291
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0291
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-996
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0291
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372193
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0291
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-372193 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-996 // NVD: CVE-2021-0291 // NVD: CVE-2021-0291

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-497

Trust: 1.0

sources: VULHUB: VHN-372193 // NVD: CVE-2021-0291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-996

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXTERNAL IDS

db: JUNIPER, id: JSA11193

Trust: 1.8

db: NVD, id: CVE-2021-0291

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021071525

Trust: 0.6

db: CNNVD, id: CNNVD-202107-996

Trust: 0.6

db: VULHUB, id: VHN-372193

Trust: 0.1

db: VULMON, id: CVE-2021-0291

Trust: 0.1

sources: VULHUB: VHN-372193 // VULMON: CVE-2021-0291 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-996 // NVD: CVE-2021-0291

REFERENCES

url:https://kb.juniper.net/jsa11193

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071525

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0291

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35897

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372193 // VULMON: CVE-2021-0291 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-996 // NVD: CVE-2021-0291

SOURCES

db: VULHUB, id: VHN-372193
db: VULMON, id: CVE-2021-0291
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-996
db: NVD, id: CVE-2021-0291

LAST UPDATE DATE

2024-08-14T13:14:49.436000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372193, date: 2022-07-26T00:00:00
db: VULMON, id: CVE-2021-0291, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-996, date: 2021-10-25T00:00:00
db: NVD, id: CVE-2021-0291, date: 2022-07-26T13:50:59.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372193, date: 2021-07-15T00:00:00
db: VULMON, id: CVE-2021-0291, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-996, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2021-0291, date: 2021-07-15T20:15:10.943