#VU49557 Security features bypass in Juniper Junos OS - CVE-2021-0205
Published: January 15, 2021
Juniper Junos OS
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dynamic filter implementation when the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX Series with a dynamic firewall filter that uses an IPv6 source or destination prefix. The filter may incorrectly match the prefix as /32, causing the filter to block unexpected traffic.
Remediation
Install updates from the vendor's website.
This issue affects Juniper Networks Junos OS:
- 17.3 versions prior to 17.3R3-S10 on MX Series;
- 17.4 versions prior to 17.4R3-S3 on MX Series;
- 18.1 versions prior to 18.1R3-S11 on MX Series;
- 18.2 versions prior to 18.2R3-S6 on MX Series;
- 18.3 versions prior to 18.3R3-S4 on MX Series;
- 18.4 versions prior to 18.4R3-S6 on MX Series;
- 19.1 versions prior to 19.1R2-S2, 19.1R3-S3 on MX Series;
- 19.2 versions prior to 19.2R3-S1 on MX Series;
- 19.3 versions prior to 19.3R2-S5, 19.3R3-S1 on MX Series;
- 19.4 versions prior to 19.4R3 on MX Series;
- 20.1 versions prior to 20.1R2 on MX Series;
- 20.2 versions prior to 20.2R2 on MX Series.
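To triage an MX inventory against the list above, the following added example (not part of the vendor advisory) classifies a Junos release string as affected, fixed or not listed. It assumes release strings of the form `<major>.<minor>R<n>[-S<n>][.<build>]` and that, where a train lists two fixed releases, each applies to its own R-release; the function names and sample hostnames are constructed for illustration.

```python
import re

# Fixed releases per train, copied from the affected-version list on this page.
FIXED = {
    "17.3": ["17.3R3-S10"], "17.4": ["17.4R3-S3"], "18.1": ["18.1R3-S11"],
    "18.2": ["18.2R3-S6"], "18.3": ["18.3R3-S4"], "18.4": ["18.4R3-S6"],
    "19.1": ["19.1R2-S2", "19.1R3-S3"], "19.2": ["19.2R3-S1"],
    "19.3": ["19.3R2-S5", "19.3R3-S1"], "19.4": ["19.4R3"],
    "20.1": ["20.1R2"], "20.2": ["20.2R2"],
}

# Assumed format: <major>.<minor>R<n>[-S<n>][.<build>], e.g. 18.4R3-S5.4
_VER = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (train, R number, S number); S is 0 when there is no -S suffix."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)

def status(version):
    """Classify a release as 'affected', 'fixed' or 'not-listed'."""
    train, r, s = parse(version)
    if train not in FIXED:
        return "not-listed"          # the page makes no statement about it
    fixes = [parse(f)[1:] for f in FIXED[train]]   # [(R, S), ...]
    for fix_r, fix_s in fixes:
        if r == fix_r:               # same R-release: compare service release
            return "fixed" if s >= fix_s else "affected"
    # No fix listed for this R-release: only later R-releases carry the fix.
    return "fixed" if r > max(fr for fr, _ in fixes) else "affected"

def triage(inventory):
    """Return the hostnames whose release is in an affected range."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")

# Constructed sample inventory (hostnames and releases are made up).
SAMPLE = {"mx-edge-1": "18.4R3-S5.4", "mx-edge-2": "19.1R3-S3",
          "mx-core-1": "20.1R1.11", "mx-core-2": "17.3R3-S10"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A release in an affected range is only exposed when IDS is configured with a dynamic firewall filter using an IPv6 source or destination prefix, so follow a version match with a configuration review.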