CVE-2021-0209

EPSS 0.08%
Published 15.01.2021 18:15:15
Last modified 21.11.2024 05:42:12
Source sirt@juniper.net
Teams watchlist Login
Open Login

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version19.4 Updater1

Juniper ≫ Junos Os Evolved Version19.4 Updater2

Juniper ≫ Junos Os Evolved Version19.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version20.1 Update-

Juniper ≫ Junos Os Evolved Version20.1 Updater1

Juniper ≫ Junos Os Evolved Version20.1 Updater1-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.198

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5.7	5.5	6.9	AV:A/AC:M/Au:N/C:N/I:N/A:C
sirt@juniper.net	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://kb.juniper.net/JSA11099

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-0209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-0209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-0209

EUVD