CVE-2021-0288 - Vulnerability Details

- Junos OS: MX Series, EX9200 Series: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs

Description

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2;

Published: 2021-07-15

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

affected

Version	Status	Constraints
`17.3`	affected	< 17.3R3-S12
`17.4`	affected	< 17.4R2-S13, 17.4R3-S5
`18.1`	affected	< 18.1R3-S13
`18.2`	affected	< 18.2R3-S8
`18.3`	affected	< 18.3R3-S5
`18.4`	affected	< 18.4R2-S8, 18.4R3-S8
`19.1`	affected	< 19.1R3-S5
`19.2`	affected	< 19.2R3-S2
`19.3`	affected	< 19.3R2-S6, 19.3R3-S3
`19.4`	affected	< 19.4R1-S4, 19.4R1-S4, 19.4R2-S4, 19.4R3-S2
`20.1`	affected	< 20.1R3
`20.2`	affected	< 20.2R2-S2, 20.2R3
`20.3`	affected	< 20.3R2
`20.4`	affected	< 20.4R2

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos:17.3:-::::::
	cpe:2.3:o:juniper:junos:17.3:r1::::::
	cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r1-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.3:r3::::::
	cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
	cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s10::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s11::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s5::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s6::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s8::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s9::::::
	cpe:2.3:o:juniper:junos:17.4:-::::::
	cpe:2.3:o:juniper:junos:17.4:r1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
	cpe:2.3:o:juniper:junos:17.4:r2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s11::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s12::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s8::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s9::::::
	cpe:2.3:o:juniper:junos:17.4:r3::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:18.1:-::::::
	cpe:2.3:o:juniper:junos:18.1:r1::::::
	cpe:2.3:o:juniper:junos:18.1:r2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
	cpe:2.3:o:juniper:junos:18.1:r3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s10::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s11::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s12::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
cpe:2.3:o:juniper:junos:18.1:r3-s5::::::
cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
cpe:2.3:o:juniper:junos:18.1:r3-s9::::::
cpe:2.3:o:juniper:junos:18.2:-::::::
cpe:2.3:o:juniper:junos:18.2:r1::::::
cpe:2.3:o:juniper:junos:18.2:r1:-:::::*
cpe:2.3:o:juniper:junos:18.2:r1-s2::::::
cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.2:r1-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
cpe:2.3:o:juniper:junos:18.2:r2-s7::::::
cpe:2.3:o:juniper:junos:18.2:r3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s1::::::
cpe:2.3:o:juniper:junos:18.2:r3-s2::::::
cpe:2.3:o:juniper:junos:18.2:r3-s3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s4::::::
cpe:2.3:o:juniper:junos:18.2:r3-s5::::::
cpe:2.3:o:juniper:junos:18.2:r3-s6::::::
cpe:2.3:o:juniper:junos:18.2:r3-s7::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1-s4::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s1::::::
cpe:2.3:o:juniper:junos:18.3:r2-s2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s3::::::
cpe:2.3:o:juniper:junos:18.3:r2-s4::::::
cpe:2.3:o:juniper:junos:18.3:r3::::::
cpe:2.3:o:juniper:junos:18.3:r3-s1::::::
cpe:2.3:o:juniper:junos:18.3:r3-s2::::::
cpe:2.3:o:juniper:junos:18.3:r3-s3::::::
cpe:2.3:o:juniper:junos:18.3:r3-s4::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.4:r1-s7::::::
cpe:2.3:o:juniper:junos:18.4:r2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s1::::::
cpe:2.3:o:juniper:junos:18.4:r2-s2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s3::::::
cpe:2.3:o:juniper:junos:18.4:r2-s4::::::
cpe:2.3:o:juniper:junos:18.4:r2-s5::::::
cpe:2.3:o:juniper:junos:18.4:r2-s6::::::
cpe:2.3:o:juniper:junos:18.4:r2-s7::::::
cpe:2.3:o:juniper:junos:18.4:r3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s1::::::
cpe:2.3:o:juniper:junos:18.4:r3-s2::::::
cpe:2.3:o:juniper:junos:18.4:r3-s3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s4::::::
cpe:2.3:o:juniper:junos:18.4:r3-s5::::::
cpe:2.3:o:juniper:junos:18.4:r3-s6::::::
cpe:2.3:o:juniper:junos:18.4:r3-s7::::::
cpe:2.3:o:juniper:junos:19.1:-::::::
cpe:2.3:o:juniper:junos:19.1:r1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s2::::::
cpe:2.3:o:juniper:junos:19.1:r1-s3::::::
cpe:2.3:o:juniper:junos:19.1:r1-s4::::::
cpe:2.3:o:juniper:junos:19.1:r1-s5::::::
cpe:2.3:o:juniper:junos:19.1:r1-s6::::::
cpe:2.3:o:juniper:junos:19.1:r2::::::
cpe:2.3:o:juniper:junos:19.1:r2-s1::::::
cpe:2.3:o:juniper:junos:19.1:r2-s2::::::
cpe:2.3:o:juniper:junos:19.1:r3::::::
cpe:2.3:o:juniper:junos:19.1:r3-s1::::::
cpe:2.3:o:juniper:junos:19.1:r3-s2::::::
cpe:2.3:o:juniper:junos:19.1:r3-s3::::::
cpe:2.3:o:juniper:junos:19.1:r3-s4::::::
cpe:2.3:o:juniper:junos:19.2:-::::::
cpe:2.3:o:juniper:junos:19.2:r1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s2::::::
cpe:2.3:o:juniper:junos:19.2:r1-s3::::::
cpe:2.3:o:juniper:junos:19.2:r1-s4::::::
cpe:2.3:o:juniper:junos:19.2:r1-s5::::::
cpe:2.3:o:juniper:junos:19.2:r1-s6::::::
cpe:2.3:o:juniper:junos:19.2:r2::::::
cpe:2.3:o:juniper:junos:19.2:r2-s1::::::
cpe:2.3:o:juniper:junos:19.2:r3::::::
cpe:2.3:o:juniper:junos:19.2:r3-s1::::::
cpe:2.3:o:juniper:junos:19.3:-::::::
cpe:2.3:o:juniper:junos:19.3:r1::::::
cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s3::::::
cpe:2.3:o:juniper:junos:19.3:r2-s4::::::
cpe:2.3:o:juniper:junos:19.3:r2-s5::::::
cpe:2.3:o:juniper:junos:19.3:r3::::::
cpe:2.3:o:juniper:junos:19.3:r3-s1::::::
cpe:2.3:o:juniper:junos:19.3:r3-s2::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s2::::::
cpe:2.3:o:juniper:junos:19.4:r1-s3::::::
cpe:2.3:o:juniper:junos:19.4:r2::::::
cpe:2.3:o:juniper:junos:19.4:r2-s1::::::
cpe:2.3:o:juniper:junos:19.4:r2-s2::::::
cpe:2.3:o:juniper:junos:19.4:r2-s3::::::
cpe:2.3:o:juniper:junos:19.4:r3::::::
cpe:2.3:o:juniper:junos:19.4:r3-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s2::::::
cpe:2.3:o:juniper:junos:20.1:r1-s3::::::
cpe:2.3:o:juniper:junos:20.1:r1-s4::::::
cpe:2.3:o:juniper:junos:20.1:r2::::::
cpe:2.3:o:juniper:junos:20.1:r2-s1::::::
cpe:2.3:o:juniper:junos:20.2:r1::::::
cpe:2.3:o:juniper:junos:20.2:r1-s1::::::
cpe:2.3:o:juniper:junos:20.2:r1-s2::::::
cpe:2.3:o:juniper:junos:20.2:r1-s3::::::
cpe:2.3:o:juniper:junos:20.2:r2::::::
cpe:2.3:o:juniper:junos:20.2:r2-s1::::::
cpe:2.3:o:juniper:junos:20.3:r1::::::
cpe:2.3:o:juniper:junos:20.3:r1-s1::::::
cpe:2.3:o:juniper:junos:20.4:r1::::::
cpe:2.3:o:juniper:junos:20.4:r1-s1::::::

OR	cpe:2.3:h:juniper:ex9200:-:::::::*
	cpe:2.3:h:juniper:ex9204:-:::::::*
	cpe:2.3:h:juniper:ex9208:-:::::::*
	cpe:2.3:h:juniper:ex9214:-:::::::*
	cpe:2.3:h:juniper:ex9250:-:::::::*
	cpe:2.3:h:juniper:ex9251:-:::::::*
	cpe:2.3:h:juniper:ex9253:-:::::::*
	cpe:2.3:h:juniper:mx:-:::::::*
	cpe:2.3:h:juniper:mx10:-:::::::*
	cpe:2.3:h:juniper:mx10000:-:::::::*
	cpe:2.3:h:juniper:mx10003:-:::::::*
	cpe:2.3:h:juniper:mx10008:-:::::::*
	cpe:2.3:h:juniper:mx10016:-:::::::*
	cpe:2.3:h:juniper:mx104:-:::::::*
	cpe:2.3:h:juniper:mx150:-:::::::*
	cpe:2.3:h:juniper:mx2008:-:::::::*
	cpe:2.3:h:juniper:mx2010:-:::::::*
	cpe:2.3:h:juniper:mx2020:-:::::::*
	cpe:2.3:h:juniper:mx204:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx40:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx5:-:::::::*
	cpe:2.3:h:juniper:mx80:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*

No data.

No data available yet.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R2-S4, 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases.

Vendor Workaround

There are no viable workarounds for this issue.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-2907	A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2;

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00081.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://kb.juniper.net/JSA11190

History

No history.

Subscriptions

Juniper Ex9200 Ex9204 Ex9208 Ex9214 Ex9250 Ex9251 Ex9253 Junos Mx Mx10 Mx10000 Mx10003 Mx10008 Mx10016 Mx104 Mx150 Mx2008 Mx2010 Mx2020 Mx204 Mx240 Mx40 Mx480 Mx5 Mx80 Mx960

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-07-15T20:01:03.896Z

Updated: 2024-09-17T02:10:46.812Z

Reserved: 2020-10-27T00:00:00.000Z

Link: CVE-2021-0288

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-15T20:15:10.490

Modified: 2024-11-21T05:42:24.607

Link: CVE-2021-0288

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-754

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object