PT-2021-5011 · Juniper Networks · Junos+1

Published

2021-10-13

Updated

2021-10-25

CVE-2021-31353

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 19.3R3-S2; 19.4R3-S3; 20.2R2-S3 through 20.2R3-S2; 20.3R2 through 20.3R3; 20.4R2 through 20.4R3; 21.1 versions prior to 21.1R2 Juniper Networks Junos OS Evolved versions prior to 20.4R2-S3-EVO; 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO

Description The issue is related to an Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition.

Recommendations For Juniper Networks Junos OS version 19.3R3-S2, update to a version later than 19.3R3-S2. For Juniper Networks Junos OS version 19.4R3-S3, update to a version later than 19.4R3-S3. For Juniper Networks Junos OS versions 20.2R2-S3 through 20.2R3-S2, update to a version later than 20.2R3-S2. For Juniper Networks Junos OS versions 20.3R2 through 20.3R3, update to a version later than 20.3R3. For Juniper Networks Junos OS versions 20.4R2 through 20.4R3, update to a version later than 20.4R3. For Juniper Networks Junos OS versions prior to 21.1R2, update to version 21.1R2 or later. For Juniper Networks Junos OS Evolved versions prior to 20.4R2-S3-EVO, update to version 20.4R2-S3-EVO or later. For Juniper Networks Junos OS Evolved versions prior to 20.4R3-EVO, update to version 20.4R3-EVO or later. For Juniper Networks Junos OS Evolved versions prior to 21.1R2-EVO, update to version 21.1R2-EVO or later. For Juniper Networks Junos OS Evolved versions prior to 21.2R2-EVO, update to version 21.2R2-EVO or later.

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-703CWE-755

Related Identifiers

BDU:2021-05778

CVE-2021-31353

Affected Products

Junos

Junos Evolved

PT-2021-5011 · Juniper Networks · Junos+1

CVE-2021-31353

Weakness Enumeration

Related Identifiers

Affected Products

References · 9