CVE-2021-31353
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | unspecified < 19.3R3-S2 | unaffected |
| Juniper Networks | Junos OS | 19.3R3-S2 | affected |
| Juniper Networks | Junos OS | 19.4R3-S3 | affected |
| Juniper Networks | Junos OS | 20.1R1 < 20.1* | unaffected |
| Juniper Networks | Junos OS | 20.2 < 20.2R2-S3 | unaffected |
| Juniper Networks | Junos OS | 20.3 < 20.3R2 | unaffected |
| Juniper Networks | Junos OS | 20.4 < 20.4R2 | unaffected |
| Juniper Networks | Junos OS | 21.1 < 21.1R2 | affected |
| Juniper Networks | Junos OS Evolved | unspecified < 20.4R2-S3-EVO, 20.4R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.1-EVO < 21.1R2-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.2-EVO < 21.2R2-EVO | affected |
Weaknesses
- CWE-755: CWE-755 Improper Handling of Exceptional Conditions
Workarounds
This issue can be mitigated in two ways:
ensure that TTL propagation is either enabled or disabled in both places below: protocols mpls no-propagate-ttl routing-instance <vrf> no-vrf-propagate-ttl
Disable multipath: routing-instance <vrf> routing-options multipath
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.