#VU49516 NULL pointer dereference in Juniper Junos OS - CVE-2021-0206
Published: January 13, 2021
Vulnerability identifier: #VU49516
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-0206
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Juniper Networks Junos OS when SSL Proxy is configured. A remote attacker can send a specially crafted packet to the system, causing the packet forwarding engine (PFE) to crash and restart.
Remediation
This issue affects Juniper Networks Junos OS on NFX Series and SRX Series:
- 18.3 versions prior to 18.3R3-S4;
- 18.4 versions prior to 18.4R3-S1;
- 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3;
- 19.2 versions prior to 19.2R1-S2, 19.2R2;
- 19.3 versions prior to 19.3R2.
Install updates from the vendor's website.