Main Vulnerability Database SB2021011545

SB2021011545 - DoS in dynamic filter implementation in Juniper Junos OS

Published: January 15, 2021

Security Bulletin ID SB2021011545

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2021-0205)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in dynamic filter implementation, when the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix. The filter may incorrectly match the prefix as /32, causing the filter to block unexpected traffic.

Remediation

Install update from vendor's website.

References

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11095&cat=SIRT_1&actp=LIST