ID

VAR-202110-0438


CVE

CVE-2021-31363


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-968

DESCRIPTION

In an MPLS P2MP environment, a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD, which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC, this can lead to the above condition. Continued receipt of such an LDP FEC will create a sustained Denial of Service (DoS) condition.

This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved: all versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO.

The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-31363 // VULHUB: VHN-391111 // VULMON: CVE-2021-31363

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

sources: NVD: CVE-2021-31363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31363
value: LOW

Trust: 1.0

sirt@juniper.net: CVE-2021-31363
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202110-968
value: MEDIUM

Trust: 0.6

VULHUB: VHN-391111
value: LOW

Trust: 0.1

VULMON: CVE-2021-31363
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-31363
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391111
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-31363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391111 // VULMON: CVE-2021-31363 // CNNVD: CNNVD-202110-968 // NVD: CVE-2021-31363 // NVD: CVE-2021-31363

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.1

sources: VULHUB: VHN-391111 // NVD: CVE-2021-31363

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202110-968

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-968

PATCH

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166244

Trust: 0.6

sources: CNNVD: CNNVD-202110-968

EXTERNAL IDS

db: JUNIPER, id: JSA11225

Trust: 1.8

db: NVD, id: CVE-2021-31363

Trust: 1.8

db: CNNVD, id: CNNVD-202110-968

Trust: 0.7

db: CS-HELP, id: SB2021101804

Trust: 0.6

db: VULHUB, id: VHN-391111

Trust: 0.1

db: VULMON, id: CVE-2021-31363

Trust: 0.1

sources: VULHUB: VHN-391111 // VULMON: CVE-2021-31363 // CNNVD: CNNVD-202110-968 // NVD: CVE-2021-31363

REFERENCES

url:https://kb.juniper.net/jsa11225

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101804

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/835.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391111 // VULMON: CVE-2021-31363 // CNNVD: CNNVD-202110-968 // NVD: CVE-2021-31363

SOURCES

db: VULHUB, id: VHN-391111
db: VULMON, id: CVE-2021-31363
db: CNNVD, id: CNNVD-202110-968
db: NVD, id: CVE-2021-31363

LAST UPDATE DATE

2024-08-14T14:11:13.649000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-391111, date: 2021-10-25T00:00:00
db: VULMON, id: CVE-2021-31363, date: 2021-10-25T00:00:00
db: CNNVD, id: CNNVD-202110-968, date: 2021-10-28T00:00:00
db: NVD, id: CVE-2021-31363, date: 2021-10-25T17:14:47.863

SOURCES RELEASE DATE

db: VULHUB, id: VHN-391111, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-31363, date: 2021-10-19T00:00:00
db: CNNVD, id: CNNVD-202110-968, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-31363, date: 2021-10-19T19:15:09.310