#VU49577 Resource management error in Juniper Junos OS


Published: 2021-01-15 | Updated: 2021-01-18

Vulnerability identifier: #VU49577

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0207

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Juniper Junos OS

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an interpretation conflict of certain data between certain software components within Juniper Networks Junos OS devices. As a result, certain traffic is not passed through the device when it is received on an ingress interface that filters certain specific types of traffic and is then redirected to an egress interface on a different VLAN. This causes a Denial of Service (DoS) for the clients sending these particular types of traffic.

Such traffic sent by a client may appear genuine, but it is non-standard in nature and should be considered potentially malicious. For the issue to occur, the traffic can be targeted at the device or destined through it.

This issue affects IPv4 and IPv6 traffic.

Mitigation

Install the update from the vendor's website.

This issue affects Juniper Networks Junos OS:

  • 17.3 versions prior to 17.3R3-S7 on NFX250, QFX5K Series, EX4600;
  • 17.4 versions prior to 17.4R2-S11, 17.4R3-S3 on NFX250, QFX5K Series, EX4600;
  • 18.1 versions prior to 18.1R3-S9 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600;
  • 18.2 versions prior to 18.2R3-S3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600;
  • 18.3 versions prior to 18.3R3-S1 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series;
  • 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series;
  • 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series;
  • 19.2 versions prior to 19.2R1-S5, 19.2R2 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series;
  • 19.3 versions prior to 19.3R2-S3, 19.3R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series;
  • 19.4 versions prior to 19.4R1-S2, 19.4R2 on NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series.

This issue does not affect Junos OS releases prior to 17.2R2.
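
A version check built from the fixed releases in the list above, as an added example that is not part of the advisory or any vendor tooling. It assumes that, within a release train, a version is fixed when its R number matches a listed fix with an equal or higher S number, or when its R number is above every listed fix; it does not check the hardware platform, which the list also restricts.

```python
import re

# Fixed releases per release train, copied from the Mitigation list above.
FIXED = {
    "17.3": ["17.3R3-S7"],
    "17.4": ["17.4R2-S11", "17.4R3-S3"],
    "18.1": ["18.1R3-S9"],
    "18.2": ["18.2R3-S3"],
    "18.3": ["18.3R3-S1"],
    "18.4": ["18.4R1-S5", "18.4R2-S3", "18.4R3"],
    "19.1": ["19.1R1-S5", "19.1R2-S1", "19.1R3"],
    "19.2": ["19.2R1-S5", "19.2R2"],
    "19.3": ["19.3R2-S3", "19.3R3"],
    "19.4": ["19.4R1-S2", "19.4R2"],
}

_VERSION = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?")


def parse(version):
    """Split e.g. '18.4R2-S3.1' into ('18.4', 2, 3); a missing -S counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)


def status(version):
    """Return 'fixed', 'vulnerable' or 'not-listed' for a running version."""
    train, rel, svc = parse(version)
    if train not in FIXED:
        return "not-listed"  # train absent from the list: consult the vendor advisory
    # Map each fixed R release of this train to its minimum service release.
    fixes = {r: s for _, r, s in map(parse, FIXED[train])}
    if rel in fixes:
        # Same R release as a listed fix: compare service release numbers.
        return "fixed" if svc >= fixes[rel] else "vulnerable"
    # Assumption: an R release above every listed fix already contains it.
    return "fixed" if rel > max(fixes) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real device.
    for v in ["18.4R2-S2", "18.4R2-S3", "17.4R3-S2", "19.3R1-S1", "20.1R1"]:
        print(v, status(v))
```

Versions in other formats (for example special X releases) raise `ValueError` rather than being guessed at.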

Vulnerable software versions

Juniper Junos OS: 20.1, 17.4 - 17.4R3-S2, 17.4R2-S9, 19.2 - 19.2R1-S9, 19.2R1-S4, 19.4, 19.4R1 - 19.4R1-S4, 19.3 - 19.3R1, 19.3R1-S1, 19.3R2 - 19.3R2-S7, 19.1 - 19.1R2-S3, 19.1R1-S4, 18.1 - 18.1R3-S8, 18.2 - 18.2R3-S2, 18.3 - 18.3R3, 18.3R2-S3, 18.4 - 18.4R2-S10, 17.3 - 17.3R3-S6


External links
http://kb.juniper.net/JSA11097


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
