#VU49560 Input validation error in Junos OS Evolved and Juniper Junos OS - CVE-2021-0208


Vulnerability identifier: #VU49560

Vulnerability risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-0208

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Junos OS Evolved
Operating systems & Components / Operating system
Juniper Junos OS
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the Routing Protocol Daemon (RPD) service. A remote attacker can send specially crafted RSVP packets when bidirectional LSPs and perform a denial of service attack or execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

This issue affects:

Juniper Networks Junos OS:

  • All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series;
  • 17.4 versions prior to 17.4R3-S2;
  • 18.1 versions prior to 18.1R3-S10;
  • 18.2 versions prior to 18.2R2-S7, 18.2R3-S4;
  • 18.3 versions prior to 18.3R3-S2;
  • 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2;
  • 19.1 versions prior to 19.1R1-S5, 19.1R3-S3;
  • 19.2 versions prior to 19.2R3;
  • 19.3 versions prior to 19.3R2-S5, 19.3R3;
  • 19.4 versions prior to 19.4R2-S2, 19.4R3-S1;
  • 20.1 versions prior to 20.1R1-S4, 20.1R2;
  • 15.1X49 versions prior to 15.1X49-D240 on SRX Series.

Juniper Networks Junos OS Evolved:

  • 19.3 versions prior to 19.3R2-S5-EVO;
  • 19.4 versions prior to 19.4R2-S2-EVO;
  • 20.1 versions prior to 20.1R1-S4-EVO.

Vulnerable software versions

Junos OS Evolved: 19.4, 20.1R1-EVO, 20.1R1-S2-EVO, 20.1

Juniper Junos OS: 15.1F2-S1, 15.1F2-S2, 15.1F2-S3, 15.1F2-S4, 15.1F2-S5, 15.1F2-S6, 15.1F2-S7, 15.1F2-S8, 15.1F2-S9, 15.1F2-S10, 15.1F2-S11, 15.1F2-S12, 15.1F2-S13, 15.1F2-S14, 15.1F2-S15, 15.1F2-S16, 15.1F2-S17, 15.1F2-S18, 15.1F2-S19, 15.1F2-S20, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1F4-S1-J1, 15.1F4-S2, 15.1R4-S8, 15.1R4-S9, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1F5-S1, 15.1R5-S57, 15.1F5-S2, 15.1F5-S3, 15.1F5-S4, 15.1F5-S5, 15.1R6-S4, 15.1R6-S6, 15.1F6-S1, 15.1F6-S2, 15.1F6-S3, 15.1F6-S4, 15.1F6-S5, 15.1R6-S5, 15.1F6-S6, 15.1R6-S3, 15.1F6-S7, 15.1R6-S1, 15.1R6-S2, 15.1F6-S8, 15.1F6-S9, 15.1F6-S10, 15.1F6-S12, 15.1F6-S13, 15.1F7-S1, 15.1R7-S2, 15.1R7-S3, 15.1F7-S2, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1R7-S9, 15.1R7-S10, 15.1R7-S11, 15.1R7-S12, 15.1R7-S13, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1x49-D181, 15.1x49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X49-D211, 15.1X49-D220, 15.1X49-D221, 15.1X49-D230, 15.1, 15.1R1, 15.1F1, 15.1R2, 15.1F2, 15.1R3, 15.1F3, 15.1R4, 15.1F4, 15.1R5, 15.1F5, 15.1R6, 15.1X49, 15.1F, 15.1R, 15.1F6, 15.1F7, 15.1R7, 17.3R1-S1, 17.3R1-S2, 17.3R1-S3, 17.3R1-S4, 17.3R2-S2, 17.3R2-S4, 17.3R2-S5, 17.3R3-S1, 17.3R3-S2, 17.3R3-S3, 17.3R3-S4, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.3, 17.3R1, 17.3R2, 17.3R3, 17.4R1-S1, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R1-S5, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S1, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R2-S10, 17.4R2-S11, 17.4R2-S12, 17.4R2-S13, 17.4R3-S1, 17.4, 17.4R1, 17.4R2, 17.4R3, 18.1R2-S2, 18.1R2-S3, 18.1R2-S4, 18.1R3-S1, 18.1R3-S2, 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.1, 18.1R1, 18.1R2, 18.1R3, 18.2R1-S3, 18.2R1-S4, 18.2R1-S5, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R2-S4, 18.2R2-S5, 18.2R2-S6, 18.2R2-S8, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2, 18.2R1, 18.2R2, 18.2R3, 18.3R1-S1, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R2-S4, 18.3R3-S1, 18.3, 18.3R1, 18.3R2, 18.3R3, 18.4R1-S1, 18.4R1-S2, 18.4R1-S3, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S7, 18.4R2-S8, 18.4R2-S9, 18.4R2-S10, 18.4R3-S1, 18.4, 18.4R1, 18.4R2, 18.4R3, 19.1R1-S1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R2-S3, 19.1R3-S1, 19.1R3-S2, 19.1, 19.1R1, 19.1R2, 19.1R3, 19.1R, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R1-S7, 19.2R1-S8, 19.2R1-S9, 19.2R2-S1, 19.2, 19.2R1, 19.2R2, 19.3R1-S1, 19.3R2-S1, 19.3R2-S2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S6, 19.3R2-S7, 19.3, 19.3R1, 19.3R2, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R1-S4, 19.4R2-S1, 19.4R2-S3, 19.4R2-S4, 19.4R2-S5, 19.4R2-S6, 19.4R2-S7, 19.4R2-S8, 19.4, 19.4R1, 19.4R2, 19.4R3, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1, 20.1R1, 20.2

External links
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11098&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Remote code execution in Junos OS and Junos OS Evolved