Details of VAR-202107-1233

ID

VAR-202107-1233

CVE

CVE-2021-0286

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Following messages will be logged prior to the crash: Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:35 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:37 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:44 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:47 Feb 2 10:14:39 fpc0 audit[16263]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=11 Feb 2 10:14:39 fpc0 kernel: audit: type=1701 audit(1612260879.272:17): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=1 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-0286 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372188 // VULMON: CVE-2021-0286

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0

sources: NVD: CVE-2021-0286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0286
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2021-0286
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-987
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372188
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-0286
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-372188
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2021-0286
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-372188 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-987 // NVD: CVE-2021-0286 // NVD: CVE-2021-0286

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.1
problemtype:	CWE-703	Trust: 1.0

sources: VULHUB: VHN-372188 // NVD: CVE-2021-0286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-987

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0286	Trust: 1.8
db:	JUNIPER	id:	JSA11188	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071915	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-987	Trust: 0.6
db:	VULHUB	id:	VHN-372188	Trust: 0.1
db:	VULMON	id:	CVE-2021-0286	Trust: 0.1

sources: VULHUB: VHN-372188 // VULMON: CVE-2021-0286 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-987 // NVD: CVE-2021-0286

REFERENCES

url:	https://kb.juniper.net/jsa11188	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071915	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0286	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35897	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372188 // VULMON: CVE-2021-0286 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-987 // NVD: CVE-2021-0286

SOURCES

db:	VULHUB	id:	VHN-372188
db:	VULMON	id:	CVE-2021-0286
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-987
db:	NVD	id:	CVE-2021-0286

LAST UPDATE DATE

2024-08-14T12:32:09.994000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372188	date:	2021-10-25T00:00:00
db:	VULMON	id:	CVE-2021-0286	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-987	date:	2021-10-25T00:00:00
db:	NVD	id:	CVE-2021-0286	date:	2021-10-25T15:20:20.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372188	date:	2021-07-15T00:00:00
db:	VULMON	id:	CVE-2021-0286	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-987	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2021-0286	date:	2021-07-15T20:15:10.333