CVE-2021-0227

Summary

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2;

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS17.3 < 17.3R3-S9affected
Juniper NetworksJunos OS17.4 < 17.4R2-S11, 17.4R3-S2affected
Juniper NetworksJunos OS18.2 < 18.2R3-S5affected
Juniper NetworksJunos OS18.3 < 18.3R2-S4, 18.3R3-S3affected
Juniper NetworksJunos OS18.4 < 18.4R2-S5, 18.4R3-S4affected
Juniper NetworksJunos OS19.1 < 19.1R3-S2affected
Juniper NetworksJunos OS19.2 < 19.2R1-S5, 19.2R3affected
Juniper NetworksJunos OS19.3 < 19.3R3affected
Juniper NetworksJunos OS19.4 < 19.4R2-S1, 19.4R3affected
Juniper NetworksJunos OS20.1 < 20.1R1-S2, 20.1R2affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue.

To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.

ADP Enrichment

CVE Program Container

Additional References

References