CVE-2021-0291

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 15.1 through 15.1R7-S9 Juniper Networks Junos OS versions 17.3 through 17.3R3-S12 Juniper Networks Junos OS versions 17.4 through 17.4R3-S5 Juniper Networks Junos OS versions 18.3 through 18.3R3-S5 Juniper Networks Junos OS versions 18.4 through 18.4R2-S8 Juniper Networks Junos OS versions 19.1 through 19.1R3-S5 Juniper Networks Junos OS versions 19.2 through 19.2R3-S2 Juniper Networks Junos OS versions 19.3 through 19.3R3-S2 Juniper Networks Junos OS versions 19.4 through 19.4R3 Juniper Networks Junos OS versions 20.1 through 20.1R2 Juniper Networks Junos OS versions 20.2 through 20.2R2 Juniper Networks Junos OS versions 20.3 through 20.3R2 Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO

Description The issue is caused by insufficient protection of a sensitive system-level resource, allowing a network-based unauthenticated attacker to send specific traffic that partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance, and external connections destined to port 705 should not be allowed.

Recommendations For Juniper Networks Junos OS versions 15.1 through 15.1R7-S9, update to version 15.1R7-S9 or later. For Juniper Networks Junos OS versions 17.3 through 17.3R3-S12, update to version 17.3R3-S12 or later. For Juniper Networks Junos OS versions 17.4 through 17.4R3-S5, update to version 17.4R3-S5 or later. For Juniper Networks Junos OS versions 18.3 through 18.3R3-S5, update to version 18.3R3-S5 or later. For Juniper Networks Junos OS versions 18.4 through 18.4R2-S8, update to version 18.4R2-S8 or later. For Juniper Networks Junos OS versions 19.1 through 19.1R3-S5, update to version 19.1R3-S5 or later. For Juniper Networks Junos OS versions 19.2 through 19.2R3-S2, update to version 19.2R3-S2 or later. For Juniper Networks Junos OS versions 19.3 through 19.3R3-S2, update to version 19.3R3-S2 or later. For Juniper Networks Junos OS versions 19.4 through 19.4R3, update to version 19.4R3 or later. For Juniper Networks Junos OS versions 20.1 through 20.1R2, update to version 20.1R2 or later. For Juniper Networks Junos OS versions 20.2 through 20.2R2, update to version 20.2R2 or later. For Juniper Networks Junos OS versions 20.3 through 20.3R2, update to version 20.3R2 or later. For Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO, update to version 20.3R2-EVO or later. As a temporary workaround, consider restricting access to TCP port 705 on the internal routing instance to prevent external connections.