PT-2021-12983 · Juniper Networks · Junos Evolved
Published
2021-10-19
·
Updated
2021-10-25
·
CVE-2021-0297
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS Evolved versions prior to 20.3R2-S1-EVO
Juniper Networks Junos OS Evolved versions 20.4 prior to 20.4R2-EVO
Juniper Networks Junos OS Evolved versions 21.1 prior to 21.1R2-EVO
Description:
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network.
Recommendations:
For versions prior to 20.3R2-S1-EVO, update to 20.3R2-S1-EVO or later.
For versions 20.4 prior to 20.4R2-EVO, update to 20.4R2-EVO or later.
For versions 21.1 prior to 21.1R2-EVO, update to 21.1R2-EVO or later.
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos Evolved