Denial of service when handling BGP VPNv6 flowspec messages in Juniper Junos OS and OS Evolved
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-0236 |
| CWE-ID | CWE-754 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system Junos OS Evolved Operating systems & Components / Operating system |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU52286
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0236
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform denial of service attack.
The vulnerability exists due to improper check for unusual or exceptional conditions within the Routing Protocol Daemon (RPD) service when handling BGP VPNv6 flowspec messages. A remote user attacker can send specific matching BGP packet, which meets a specific term in the flowspec configuration and crash the service.
Install updates from vendor's website.
Vulnerable software versionsJuniper Junos OS: 18.4 - 20.4
Junos OS Evolved: 20.3 - 20.4
External linkshttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA11131&cat=SIRT_1&actp=LIST
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
