CVE-2021-0209

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 19.4 through 19.4R2-S2-EVO Juniper Networks Junos OS Evolved versions 20.1 through 20.1R1-S2-EVO Juniper Networks Junos OS Evolved version 20.1R2-S1-EVO

Description: The issue is related to access to an uninitialized pointer in Junos OS Evolved. An attacker can exploit this by sending certain valid BGP update packets, causing Junos OS Evolved to access the uninitialized pointer, leading to a Denial of Service (DoS). Continued receipt of these packets will cause an extended Denial of Service condition, requiring a restart of RPD to recover. An indicator of compromise is the existence of the file rpd.re, which can be checked by issuing the command: show system core-dumps.

Recommendations: For Juniper Networks Junos OS Evolved versions 19.4 through 19.4R2-S2-EVO, update to version 19.4R2-S2-EVO or later. For Juniper Networks Junos OS Evolved versions 20.1 through 20.1R1-S2-EVO, update to version 20.1R1-S2-EVO or later. For Juniper Networks Junos OS Evolved version 20.1R2-S1-EVO, update to a version later than 20.1R2-S1-EVO. As a temporary workaround, consider restricting access to the BGP update packets to minimize the risk of exploitation.