CVE-2021-0236

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 18.4 through 20.3 Juniper Networks Junos OS Evolved versions 18.4R1-EVO through 20.3R2-EVO

Description: The issue is caused by an improper check for unusual or exceptional conditions in the Routing Protocol Daemon (RPD) service. Upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, the RPD service crashes and restarts, causing a Denial of Service (DoS). This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments.

Recommendations: For Juniper Networks Junos OS versions 18.4 through 20.3, update to a version with the fix, such as 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, or 20.3R2. For Juniper Networks Junos OS Evolved versions 18.4R1-EVO through 20.3R2-EVO, update to version 20.3R2-EVO or later. As a temporary workaround, consider restricting the receipt and processing of the specific matching BGP packet to minimize the risk of exploitation.