#VU49559 Memory leak in Juniper Junos OS - CVE-2021-0202 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU49559

#VU49559 Memory leak in Juniper Junos OS - CVE-2021-0202

Published: January 15, 2021


Vulnerability identifier: #VU49559
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-0202
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain. A remote attacker can trigger memory leak in the MPC which can cause an out of memory and MPC restarts.


Remediation

Install updates from vendor's website.

This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series:

17.3R3-S8;

17.4R3-S2;

18.2R3-S4, 18.2R3-S5;

18.3R3-S2, 18.3R3-S3;

18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6;

19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1;

19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3;

20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2.

This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1.

External links