CVE-2021-31354

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.2R3-S3 Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S3 Juniper Networks Junos OS versions 20.1 prior to 20.1R2-S2, 20.1R3-S1 Juniper Networks Junos OS versions 20.2 prior to 20.2R3-S2 Juniper Networks Junos OS versions 20.3 prior to 20.3R3 Juniper Networks Junos OS versions 20.4 prior to 20.4R3 Juniper Networks Junos OS versions 21.1 prior to 21.1R2 Juniper Networks Junos OS Evolved versions 20.1R1-EVO and later versions, prior to 21.2R2-EVO

Description An Out Of Bounds (OOB) access issue in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode, may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The issue exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this issue. This issue only affects Junos systems configured in Network Mode.

Recommendations For Juniper Networks Junos OS versions prior to 19.2R3-S3, update to version 19.2R3-S3 or later. For Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S3, update to version 19.3R3-S3 or later. For Juniper Networks Junos OS versions 20.1 prior to 20.1R2-S2, 20.1R3-S1, update to version 20.1R2-S2, 20.1R3-S1 or later. For Juniper Networks Junos OS versions 20.2 prior to 20.2R3-S2, update to version 20.2R3-S2 or later. For Juniper Networks Junos OS versions 20.3 prior to 20.3R3, update to version 20.3R3 or later. For Juniper Networks Junos OS versions 20.4 prior to 20.4R3, update to version 20.4R3 or later. For Juniper Networks Junos OS versions 21.1 prior to 21.1R2, update to version 21.1R2 or later. For Juniper Networks Junos OS Evolved versions 20.1R1-EVO and later versions, prior to 21.2R2-EVO, update to version 21.2R2-EVO or later.