PT-2021-12960 · Juniper Networks · Junos

Published: 2021-04-22 · Updated: 2021-04-27 · CVE-2021-0249

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS on SRX Series versions 15.1X49 through 15.1X49-D189
Juniper Networks Junos OS on SRX Series versions 17.4 through 17.4R2-S8
Juniper Networks Junos OS on SRX Series versions 17.4R3 through 18.1R3-S8
Juniper Networks Junos OS on SRX Series versions 18.2 through 18.2R3-S0
Juniper Networks Junos OS on SRX Series versions 18.3 through 18.3R2-S2
Juniper Networks Junos OS on SRX Series versions 18.3R3 through 18.3R3
Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R2-S2
Juniper Networks Junos OS on SRX Series versions 18.4R3 through 18.4R3
Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R1-S3
Juniper Networks Junos OS on SRX Series versions 19.1R2 through 19.1R2
Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R1-S0
Juniper Networks Junos OS on SRX Series versions 19.2R2 through 19.2R2
Description: A buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. An indicator of compromise can be the following text in the UTM log: RT UTM: AV FILE NOT SCANNED PASSED MT.
Recommendations:
Update to version 15.1X49-D190 or later for 15.1X49 versions.
Update to version 17.4R2-S9 or later for 17.4 versions.
Update to version 18.1R3-S9 or later for 17.4R3 and later versions.
Update to version 18.2R3-S1 or later for 18.2 versions.
Update to version 18.3R2-S3 or later for 18.3 versions prior to 18.3R2-S3.
Update to version 18.3R3 or later for 18.3R3 version.
Update to version 18.4R2-S3 or later for 18.4 versions prior to 18.4R2-S3.
Update to version 18.4R3 or later for 18.4R3 version.
Update to version 19.1R1-S4 or later for 19.1 versions prior to 19.1R1-S4.
Update to version 19.1R2 or later for 19.1R2 version.
Update to version 19.2R1-S1 or later for 19.2 versions prior to 19.2R1-S1.
Update to version 19.2R2 or later for 19.2R2 version.
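
One way to check collected logs for the indicator quoted in the description, as an added example that is not part of the advisory or of Juniper's tooling. The syslog header layout, the host names and the underscore-joined variant of the indicator are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Indicator text exactly as given in the description above.
IOC_WORDS = "RT UTM: AV FILE NOT SCANNED PASSED MT".split()
# Assumption: a device may join the words with underscores instead of spaces,
# so either separator is accepted between the words.
IOC_RE = re.compile(r"[ _]+".join(re.escape(w) for w in IOC_WORDS), re.IGNORECASE)

# Assumption: lines carry a classic "Mon DD HH:MM:SS host" syslog header.
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s"
)


def find_ioc_hits(lines):
    """Return {host: [timestamps]} for every line containing the indicator."""
    hits = defaultdict(list)
    for line in lines:
        if not IOC_RE.search(line):
            continue
        header = HEADER_RE.match(line)
        # Lines without a parseable header are kept rather than dropped,
        # so a hit is never lost because of an unexpected log format.
        host = header.group("host") if header else "unknown"
        ts = header.group("ts") if header else "unknown"
        hits[host].append(ts)
    return dict(hits)


# Constructed sample input (not real device output).
SAMPLE_LOG = [
    "Apr 20 10:15:02 srx-edge-01 RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT: (constructed)",
    "Apr 20 10:15:09 srx-edge-01 sshd: session opened (constructed)",
    "Apr 20 10:16:40 srx-branch-07 RT UTM: AV FILE NOT SCANNED PASSED MT",
    "rt_utm: av_file_not_scanned_passed_mt",   # no header, lower case
    "Apr 20 10:17:00 srx-edge-01 RT_UTM: AV_FILE_SCANNED (near miss)",
]

if __name__ == "__main__":
    for host, stamps in find_ioc_hits(SAMPLE_LOG).items():
        print(f"{host}: {len(stamps)} hit(s) at {', '.join(stamps)}")
```

A hit marks a device for follow-up and for comparison of its running version against the affected ranges listed above.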

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-0249

Affected Products

Junos