#VU49548 Resource exhaustion in Juniper Junos OS


Published: 2021-01-14

Vulnerability identifier: #VU49548

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0217

CWE-ID: CWE-400

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Juniper Junos OS
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing DHCP packets from adjacent clients on EX Series and QFX Series switches. An attacker on the local network can send specially crafted HDCP packets to the affected system and exhaust DMA memory or crash the fxpc process.

Mitigation

Install updates from vendor's website.

This issue affects Juniper Networks Junos OS on EX Series and QFX Series:

  • 17.4R3 versions prior to 17.4R3-S3;
  • 18.1R3 versions between 18.1R3-S6 and 18.1R3-S11;
  • 18.2R3 versions prior to 18.2R3-S6;
  • 18.3R3 versions prior to 18.3R3-S4;
  • 18.4R2 versions prior to 18.4R2-S5;
  • 18.4R3 versions prior to 18.4R3-S6;
  • 19.1 versions between 19.1R2 and 19.1R3-S3;
  • 19.2 versions prior to 19.2R3-S1;
  • 19.3 versions prior to 19.3R2-S5, 19.3R3;
  • 19.4 versions prior to 19.4R2-S2, 19.4R3;
  • 20.1 versions prior to 20.1R2;
  • 20.2 versions prior to 20.2R1-S2, 20.2R2.

Junos OS versions prior to 17.4R3 are unaffected by this vulnerability.

Vulnerable software versions

Juniper Junos OS: 18.4 - 18.4R3-S5, 18.4R1-S5, 18.4R2-S3, 18.3 - 18.3R3-S3, 18.3R2-S3, 18.3R3-S1, 20.3, 20.2 - 20.2R1-S3, 19.4 - 19.4R2-S8, 19.4R1 - 19.4R1-S4, 19.3 - 19.3R1, 19.3R1-S1, 19.3R2 - 19.3R2-S7, 19.2 - 19.2R3, 19.2R1-S4, 19.1 - 19.1R3-S2, 19.1R1-S4, 17.4 - 17.4R3-S2, 17.4R2-S9, 18.2 - 18.2R3-S5, 18.1 - 18.1R3-S10, 20.1 - 20.1R1-S4

External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11107&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of serivce when processing DHCP traffic in Juniper Junos OS