CVE-2021-0214

Summary

A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitation of this issue requires direct, adjacent connectivity to the vulnerable component. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS17.3 < 17.3R3-S11affected
Juniper NetworksJunos OS17.4 < 17.4R2-S12, 17.4R3-S4affected
Juniper NetworksJunos OS18.1 < 18.1R3-S12affected
Juniper NetworksJunos OS18.2 < 18.2R2-S8, 18.2R3-S7affected
Juniper NetworksJunos OS18.3 < 18.3R3-S4affected
Juniper NetworksJunos OS18.4 < 18.4R1-S8, 18.4R2-S7, 18.4R3-S6affected
Juniper NetworksJunos OS19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S4affected
Juniper NetworksJunos OS19.2 < 19.2R1-S5, 19.2R3-S1affected
Juniper NetworksJunos OS19.3 < 19.3R2-S5, 19.3R3-S1affected
Juniper NetworksJunos OS19.4 < 19.4R2-S2, 19.4R3affected
Juniper NetworksJunos OS20.1 < 20.1R2affected
Juniper NetworksJunos OS20.2 < 20.2R1-S2, 20.2R2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • Denial of Service

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References