{"containers": {"cna": {"affected": [{"product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "19.1R1-EVO", "versionType": "custom"}, {"lessThan": "20.3R1-S2-EVO, 20.3R2-EVO", "status": "affected", "version": "20.3-EVO", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "The examples of the config stanza affected by this issue:\n\n [firewall policer]\n [firewall filter]"}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-22T19:36:55", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://kb.juniper.net/JSA11120"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA11120", "defect": ["1528091"], "discovery": "USER"}, "title": "Junos OS Evolved: Stateless IP firewall filter does not work as expected", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-0225", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: Stateless IP firewall filter does not work as expected"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS Evolved", "version": {"version_data": [{"version_affected": ">=", "version_value": "19.1R1-EVO"}, {"version_affected": "<", "version_name": "20.3-EVO", "version_value": "20.3R1-S2-EVO, 20.3R2-EVO"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "The examples of the config stanza affected by this issue:\n\n [firewall policer]\n [firewall filter]"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11120", "refsource": "MISC", "url": "https://kb.juniper.net/JSA11120"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA11120", "defect": ["1528091"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:32:10.121Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.juniper.net/JSA11120"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0225", "datePublished": "2021-04-22T19:36:55.884687Z", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-09-16T22:25:00.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*", "matchCriteriaId": "2C3245C5-9EE1-490C-B7C7-5C02F155DDD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*", "matchCriteriaId": "01A9BD92-5865-455D-9585-098DCFCC24DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*", "matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*", "matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*", "matchCriteriaId": "6480A5C9-3280-40C5-BC08-509555F28363", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*", "matchCriteriaId": "2D3C2D74-AF22-4BED-A0C5-089B5507D275", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*", "matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "EEBE159F-5D94-4C18-B922-331586BEA2CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:r1:*:*:*:*:*:*", "matchCriteriaId": "FCA8D4D2-D49D-4F91-95E2-2A0E8599338A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FF37C911-1904-475A-86F7-F92F34A1A88F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*", "matchCriteriaId": "4AFB91E3-CAAC-429F-A869-DDD40FB0F84D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "0A9CA997-2DDA-4808-B2AE-8804FEB798B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."}, {"lang": "es", "value": "Una Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Juniper Networks Junos OS Evolved, puede causar que la configuraci\u00f3n del filtro de firewall sin estado que usa la acci\u00f3n \"policer\" en determinadas combinaciones con otras opciones no surta efecto.&#xa0;Un administrador puede usar el siguiente comando CLI para visualizar los fallos con la configuraci\u00f3n del filtro: user@device) show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported. Este problema afecta a Juniper Networks Junos OS Evolved: Versiones 19.1R1-EVO y por encima, versiones anteriores a 20.3R1-S2-EVO, 20.3R2-EVO.&#xa0;Este problema no afecta al Juniper Networks Junos OS"}], "id": "CVE-2021-0225", "lastModified": "2024-11-21T05:42:14.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-22T20:15:08.463", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11120"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}