Main Vulnerability Database Vulnerabilities #VU49559

Memory leak in Juniper Junos OS - CVE-2021-0202

Published: January 15, 2021

Vulnerability identifier: #VU49559

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-0202

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain. A remote attacker can trigger memory leak in the MPC which can cause an out of memory and MPC restarts.

How to mitigate CVE-2021-0202

Install updates from vendor's website.

This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series:

17.3R3-S8;

17.4R3-S2;

18.2R3-S4, 18.2R3-S5;

18.3R3-S2, 18.3R3-S3;

18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6;

19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1;

19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3;

20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2.

This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1.

Sources

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11092&cat=SIRT_1&actp=LIST

Memory leak in Juniper Junos OS - CVE-2021-0202

Detailed vulnerability description

How to mitigate CVE-2021-0202

Sources

Please verify you're human