Details of VAR-202108-2101

ID

VAR-202108-2101

CVE

CVE-2021-0284

TITLE

Juniper Networks Junos OS Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2021-009765

DESCRIPTION

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-0284 // JVNDB: JVNDB-2021-009765 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372186 // VULMON: CVE-2021-0284

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	12.3r12-s19	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	17.3r3-s12	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	19.3r2-s7	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	18.4	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	19.2r1-s7	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	19.3r3-s3	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	19.3	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	15.1	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	19.2	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	19.1	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	17.3	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	19.2r3-s3	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	15.1r7-s10	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	18.4r2-s9	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	19.1r3-s7	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	18.4r3-s9	Trust: 0.8

sources: JVNDB: JVNDB-2021-009765 // NVD: CVE-2021-0284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0284
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2021-0284
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0284
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-997
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372186
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-0284
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-0284
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-372186
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2021-0284
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-009765
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372186 // VULMON: CVE-2021-0284 // JVNDB: JVNDB-2021-009765 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-997 // NVD: CVE-2021-0284 // NVD: CVE-2021-0284

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-372186 // JVNDB: JVNDB-2021-009765 // NVD: CVE-2021-0284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-997

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

JSA11200

url:

https://kb.juniper.net/JSA11200

Trust: 0.8

sources: JVNDB: JVNDB-2021-009765

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0284	Trust: 3.4
db:	JUNIPER	id:	JSA11200	Trust: 1.8
db:	JVNDB	id:	JVNDB-2021-009765	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071919	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2435.3	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-997	Trust: 0.6
db:	VULHUB	id:	VHN-372186	Trust: 0.1
db:	VULMON	id:	CVE-2021-0284	Trust: 0.1

sources: VULHUB: VHN-372186 // VULMON: CVE-2021-0284 // JVNDB: JVNDB-2021-009765 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-997 // NVD: CVE-2021-0284

REFERENCES

url:	https://kb.juniper.net/jsa11200	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0284	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2435.3	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071919	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35897	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-0284	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372186 // VULMON: CVE-2021-0284 // JVNDB: JVNDB-2021-009765 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-997 // NVD: CVE-2021-0284

SOURCES

db:	VULHUB	id:	VHN-372186
db:	VULMON	id:	CVE-2021-0284
db:	JVNDB	id:	JVNDB-2021-009765
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-997
db:	NVD	id:	CVE-2021-0284

LAST UPDATE DATE

2024-08-14T13:11:01.316000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372186	date:	2022-09-03T00:00:00
db:	VULMON	id:	CVE-2021-0284	date:	2022-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-009765	date:	2022-05-19T08:09:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-997	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-0284	date:	2022-09-03T03:57:46.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372186	date:	2021-08-17T00:00:00
db:	VULMON	id:	CVE-2021-0284	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-009765	date:	2022-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-997	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2021-0284	date:	2021-08-17T23:15:07.403