Details of VAR-202110-1013

ID

VAR-202110-1013

CVE

CVE-2021-0299

TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

DESCRIPTION

An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time

Trust: 1.08

sources: NVD: CVE-2021-0299 // VULHUB: VHN-372201 // VULMON: CVE-2021-0299

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0

sources: NVD: CVE-2021-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0299
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2021-0299
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202110-972
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372201
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-0299
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-372201
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2021-0299
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-372201 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299 // NVD: CVE-2021-0299

PROBLEMTYPE DATA

problemtype:

CWE-755

Trust: 1.1

sources: VULHUB: VHN-372201 // NVD: CVE-2021-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

PATCH

title:

Juniper Networks Junos OS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166587

Trust: 0.6

sources: CNNVD: CNNVD-202110-972

EXTERNAL IDS

db:	JUNIPER	id:	JSA11213	Trust: 1.8
db:	NVD	id:	CVE-2021-0299	Trust: 1.8
db:	CNNVD	id:	CNNVD-202110-972	Trust: 0.7
db:	CS-HELP	id:	SB2021101912	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3433	Trust: 0.6
db:	VULHUB	id:	VHN-372201	Trust: 0.1
db:	VULMON	id:	CVE-2021-0299	Trust: 0.1

sources: VULHUB: VHN-372201 // VULMON: CVE-2021-0299 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299

REFERENCES

url:	https://kb.juniper.net/jsa11213	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021101912	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3433	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372201 // VULMON: CVE-2021-0299 // CNNVD: CNNVD-202110-972 // NVD: CVE-2021-0299

SOURCES

db:	VULHUB	id:	VHN-372201
db:	VULMON	id:	CVE-2021-0299
db:	CNNVD	id:	CNNVD-202110-972
db:	NVD	id:	CVE-2021-0299

LAST UPDATE DATE

2024-08-14T13:53:53.124000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372201	date:	2021-10-26T00:00:00
db:	VULMON	id:	CVE-2021-0299	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-972	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2021-0299	date:	2021-10-26T14:22:28.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372201	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2021-0299	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-972	date:	2021-10-13T00:00:00
db:	NVD	id:	CVE-2021-0299	date:	2021-10-19T19:15:08.413