Details of VAR-202110-0401

ID

VAR-202110-0401

CVE

CVE-2021-0297

TITLE

Juniper Networks Junos OS Evolved Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013944

DESCRIPTION

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue. The operating system provides a secure programming interface and Junos SDK

Trust: 1.8

sources: NVD: CVE-2021-0297 // JVNDB: JVNDB-2021-013944 // VULHUB: VHN-372199 // VULMON: CVE-2021-0297

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013944 // NVD: CVE-2021-0297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0297
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2021-0297
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-0297
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-991
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-372199
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-0297
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0297
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-372199
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0297
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-013944
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372199 // VULMON: CVE-2021-0297 // JVNDB: JVNDB-2021-013944 // CNNVD: CNNVD-202110-991 // NVD: CVE-2021-0297 // NVD: CVE-2021-0297

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-372199 // JVNDB: JVNDB-2021-013944 // NVD: CVE-2021-0297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-991

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202110-991

PATCH

title:

JSA11211

url:

https://supportportal.juniper.net/s/article/2021-10-Security-Bulletin-Junos-OS-Evolved-BGP-and-LDP-sessions-with-TCP-MD5-authentication-established-with-peers-not-configured-for-authentication-CVE-2021-0297?language=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2021-013944

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0297	Trust: 3.4
db:	JUNIPER	id:	JSA11211	Trust: 1.8
db:	JVNDB	id:	JVNDB-2021-013944	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-991	Trust: 0.7
db:	CS-HELP	id:	SB2021101805	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3421	Trust: 0.6
db:	VULHUB	id:	VHN-372199	Trust: 0.1
db:	VULMON	id:	CVE-2021-0297	Trust: 0.1

sources: VULHUB: VHN-372199 // VULMON: CVE-2021-0297 // JVNDB: JVNDB-2021-013944 // CNNVD: CNNVD-202110-991 // NVD: CVE-2021-0297

REFERENCES

url:	https://kb.juniper.net/jsa11211	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0297	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021101805	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3421	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372199 // VULMON: CVE-2021-0297 // JVNDB: JVNDB-2021-013944 // CNNVD: CNNVD-202110-991 // NVD: CVE-2021-0297

SOURCES

db:	VULHUB	id:	VHN-372199
db:	VULMON	id:	CVE-2021-0297
db:	JVNDB	id:	JVNDB-2021-013944
db:	CNNVD	id:	CNNVD-202110-991
db:	NVD	id:	CVE-2021-0297

LAST UPDATE DATE

2024-08-14T15:37:53.159000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372199	date:	2021-10-25T00:00:00
db:	VULMON	id:	CVE-2021-0297	date:	2021-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-013944	date:	2022-09-30T01:59:00
db:	CNNVD	id:	CNNVD-202110-991	date:	2021-10-26T00:00:00
db:	NVD	id:	CVE-2021-0297	date:	2021-10-25T15:20:01.207

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372199	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2021-0297	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-013944	date:	2022-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202110-991	date:	2021-10-13T00:00:00
db:	NVD	id:	CVE-2021-0297	date:	2021-10-19T19:15:08.290