PT-2021-12975 · Juniper Networks · Junos

Published: 2021-04-22 · Updated: 2021-07-23 · CVE-2021-0267

CVSS v3.1: 7.4 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 19.4 through 19.4R3-S1; Juniper Networks Junos OS versions 20.1 through 20.1R2-S1, 20.1R3; Juniper Networks Junos OS versions 20.2 through 20.2R3; Juniper Networks Junos OS versions 20.3 through 20.3R2.
Description: An Improper Input Validation issue in the active-lease query portion of JDHCPD's DHCP Relay Agent in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet, crashing the jdhcpd DHCP service. This typically affects configurations for Broadband Subscriber Sessions, and continued receipt of the crafted packet creates a sustained Denial of Service condition.
Recommendations: For Juniper Networks Junos OS versions 19.4 through 19.4R3-S1, update to version 19.4R3-S1 or later. For Juniper Networks Junos OS versions 20.1 through 20.1R2-S1, 20.1R3, update to version 20.1R2-S1 or later, excluding 20.1R3. For Juniper Networks Junos OS versions 20.2 through 20.2R3, update to version 20.2R3 or later. For Juniper Networks Junos OS versions 20.3 through 20.3R2, update to version 20.3R2 or later.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2021-0267

Affected Products

Junos