ID

VAR-202110-1013


CVE

CVE-2021-0299


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

DESCRIPTION

An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time

Trust: 1.08

sources: NVD: CVE-2021-0299 // VULHUB: VHN-372201 // VULMON: CVE-2021-0299

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

sources: NVD: CVE-2021-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0299
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0299
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-972
value: HIGH

Trust: 0.6

VULHUB: VHN-372201
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-0299
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372201
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0299
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372201 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299 // NVD: CVE-2021-0299

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

sources: VULHUB: VHN-372201 // NVD: CVE-2021-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

PATCH

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166587

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

EXTERNAL IDS

db:JUNIPERid:JSA11213

Trust: 1.8

db:NVDid:CVE-2021-0299

Trust: 1.8

db:CNNVDid:CNNVD-202110-972

Trust: 0.7

db:CS-HELPid:SB2021101912

Trust: 0.6

db:AUSCERTid:ESB-2021.3433

Trust: 0.6

db:VULHUBid:VHN-372201

Trust: 0.1

db:VULMONid:CVE-2021-0299

Trust: 0.1

sources: VULHUB: VHN-372201 // VULMON: CVE-2021-0299 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299

REFERENCES

url:https://kb.juniper.net/jsa11213

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101912

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3433

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372201 // VULMON: CVE-2021-0299 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299

SOURCES

db:VULHUBid:VHN-372201
db:VULMONid:CVE-2021-0299
db:CNNVDid:CNNVD-202110-972
db:NVDid:CVE-2021-0299

LAST UPDATE DATE

2024-08-14T13:53:53.124000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372201date:2021-10-26T00:00:00
db:VULMONid:CVE-2021-0299date:2021-10-19T00:00:00
db:CNNVDid:CNNVD-202110-972date:2021-10-27T00:00:00
db:NVDid:CVE-2021-0299date:2021-10-26T14:22:28.843

SOURCES RELEASE DATE

db:VULHUBid:VHN-372201date:2021-10-19T00:00:00
db:VULMONid:CVE-2021-0299date:2021-10-19T00:00:00
db:CNNVDid:CNNVD-202110-972date:2021-10-13T00:00:00
db:NVDid:CVE-2021-0299date:2021-10-19T19:15:08.413