4.7

CVE-2021-0298

A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Os Evolved Version18.3 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.1 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.1 Updater2
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.2 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.2 Updater2
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.3 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.3 Updater2
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.4 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version19.4 Updater1-s1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version20.1 Updater1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
JuniperJunos Os Evolved Version20.1 Updater1-s1
   JuniperPtx10003 Version-
   JuniperPtx10008 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.079
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 1.9 6.9
AV:L/AC:H/Au:N/C:N/I:N/A:C
sirt@juniper.net 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.