CWE-794
Incomplete Filtering of Multiple Instances of Special Elements
The product receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.
CVE-2019-0002 (GCVE-0-2019-0002)
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 17:44
CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
Summary
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command `show pfe filter hw summary` will not show the entry for "RACL group". Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affects both IPv4 and IPv6 firewall filters.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos OS | 15.1X53 < 15.1X53-D590; 18.1 < 18.1R3; 18.2 < 18.2R2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:37:07.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106669", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106669" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10901" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "EX2300 and EX3400 series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "15.1X53-D590", "status": "affected", "version": "15.1X53", "versionType": "custom" }, { "lessThan": "18.1R3", "status": "affected", "version": "18.1", "versionType": "custom" }, { "lessThan": "18.2R2", "status": "affected", "version": "18.2", "versionType": "custom" } ] } ], "datePublic": "2019-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action \u0027policer\u0027 in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-794", "description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-23T10:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "name": "106669", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106669" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10901" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases." } ], "source": { "advisory": "JSA10901", "defect": [ "1364866" ], "discovery": "USER" }, "title": "Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect", "workarounds": [ { "lang": "en", "value": "There are no known workarounds for this issue." 
} ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2019-01-09T17:00:00.000Z", "ID": "CVE-2019-0002", "STATE": "PUBLIC", "TITLE": "Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "affected": "\u003c", "platform": "EX2300 and EX3400 series", "version_affected": "\u003c", "version_name": "15.1X53", "version_value": "15.1X53-D590" }, { "affected": "\u003c", "platform": "EX2300 and EX3400 series", "version_affected": "\u003c", "version_name": "18.1", "version_value": "18.1R3" }, { "affected": "\u003c", "platform": "EX2300 and EX3400 series", "version_affected": "\u003c", "version_name": "18.2", "version_value": "18.2R2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action \u0027policer\u0027 in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements" } ] } ] }, "references": { "reference_data": [ { "name": "106669", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106669" }, { "name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html", "refsource": "MISC", "url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html" }, { "name": "https://kb.juniper.net/JSA10901", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10901" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases." } ], "source": { "advisory": "JSA10901", "defect": [ "1364866" ], "discovery": "USER" }, "work_around": [ { "lang": "en", "value": "There are no known workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2019-0002", "datePublished": "2019-01-15T21:00:00Z", "dateReserved": "2018-10-11T00:00:00", "dateUpdated": "2024-09-16T17:44:13.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1665 (GCVE-0-2020-1665)
Vulnerability from cvelistv5
Published
2020-10-16 20:31
Modified
2024-09-16 18:29
CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
Summary
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take effect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos OS | 17.2 < 17.2R3-S4; 17.2X75 < 17.2X75-D102, 17.2X75-D110; 17.3 < 17.3R3-S8; 17.4 < 17.4R2-S11, 17.4R3-S2; 18.2 < 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 < 18.2X75-D30; 18.3 < 18.3R2-S4, 18.3R3-S2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA11062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kb.juniper.net/KB25385" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "MX series/EX9200 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "17.2R3-S4", "status": "affected", "version": "17.2", "versionType": "custom" }, { "lessThan": "17.2X75-D102, 17.2X75-D110", "status": "affected", "version": "17.2X75", "versionType": "custom" }, { "lessThan": "17.3R3-S8", "status": "affected", "version": "17.3", "versionType": "custom" }, { "lessThan": "17.4R2-S11, 17.4R3-S2", "status": "affected", "version": "17.4", "versionType": "custom" }, { "lessThan": "18.2R2-S7, 18.2R3, 18.2R3-S3", "status": "affected", "version": "18.2", "versionType": "custom" }, { "lessThan": "18.2X75-D30", "status": "affected", "version": "18.2X75", "versionType": "custom" }, { "lessThan": "18.3R2-S4, 18.3R3-S2", "status": "affected", "version": "18.3", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "The DDoS feature is enabled by default, there is no specific config stanza required to enable DDoS protection, however it can be manually disabled.\n\nTo check if DDOS protection is enabled, the administrator can issue the following command: \n user@host\u003e show ddos-protection statistics\n DDOS protection global statistics:\n Policing on routing engine: Yes\n Policing on FPC: Yes" } ], "datePublic": "2020-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. 
The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-794", "description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-16T20:31:27", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA11062" }, { "tags": [ "x_refsource_MISC" ], "url": "https://kb.juniper.net/KB25385" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2, 18.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA11062", "defect": [ "1377899" ], "discovery": "INTERNAL" }, "title": "Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected.", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-10-14T16:00:00.000Z", "ID": "CVE-2020-1665", "STATE": "PUBLIC", "TITLE": "Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected." 
}, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "17.2", "version_value": "17.2R3-S4" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "17.2X75", "version_value": "17.2X75-D102, 17.2X75-D110" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "17.3", "version_value": "17.3R3-S8" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "17.4", "version_value": "17.4R2-S11, 17.4R3-S2" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "18.2", "version_value": "18.2R2-S7, 18.2R3, 18.2R3-S3" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "18.2X75", "version_value": "18.2X75-D30" }, { "platform": "MX series/EX9200 Series", "version_affected": "\u003c", "version_name": "18.3", "version_value": "18.3R2-S4, 18.3R3-S2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [ { "lang": "en", "value": "The DDoS feature is enabled by default, there is no specific config stanza required to enable DDoS protection, however it can be manually disabled.\n\nTo check if DDOS protection is enabled, the administrator can issue the following command: \n user@host\u003e show ddos-protection statistics\n DDOS protection global statistics:\n Policing on routing engine: Yes\n Policing on FPC: Yes" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. 
The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA11062", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11062" }, { "name": "https://kb.juniper.net/KB25385", "refsource": "MISC", "url": "https://kb.juniper.net/KB25385" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2, 18.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA11062", "defect": [ "1377899" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1665", "datePublished": "2020-10-16T20:31:27.772752Z", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-09-16T18:29:50.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-0203 (GCVE-0-2021-0203)
Vulnerability from cvelistv5
Published
2021-01-15 17:35
Modified
2024-09-17 01:01
CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
Summary
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), a Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos OS | 15.1 < 15.1R7-S7; 16.1 < 16.1R7-S8; 17.2 < 17.2R3-S4; 17.3 < 17.3R3-S8; 17.4 < 17.4R2-S11, 17.4R3-S2; 18.1 < 18.1R3-S10; 18.2 < 18.2R3-S5; 18.3 < 18.3R2-S4, 18.3R3-S2; 18.4 < 18.4R2-S5, 18.4R3-S3; 19.1 < 19.1R2-S2, 19.1R3-S2; 19.2 < 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 < 19.3R2-S4, 19.3R3; 19.4 < 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 < 20.1R1-S2, 20.1R2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:10.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA11093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "EX Series, QFX5K Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "15.1R7-S7", "status": "affected", "version": "15.1", "versionType": "custom" }, { "lessThan": "16.1R7-S8", "status": "affected", "version": "16.1", "versionType": "custom" }, { "lessThan": "17.2R3-S4", "status": "affected", "version": "17.2", "versionType": "custom" }, { "lessThan": "17.3R3-S8", "status": "affected", "version": "17.3", "versionType": "custom" }, { "lessThan": "17.4R2-S11, 17.4R3-S2", "status": "affected", "version": "17.4", "versionType": "custom" }, { "lessThan": "18.1R3-S10", "status": "affected", "version": "18.1", "versionType": "custom" }, { "lessThan": "18.2R3-S5", "status": "affected", "version": "18.2", "versionType": "custom" }, { "lessThan": "18.3R2-S4, 18.3R3-S2", "status": "affected", "version": "18.3", "versionType": "custom" }, { "lessThan": "18.4R2-S5, 18.4R3-S3", "status": "affected", "version": "18.4", "versionType": "custom" }, { "lessThan": "19.1R2-S2, 19.1R3-S2", "status": "affected", "version": "19.1", "versionType": "custom" }, { "lessThan": "19.2R1-S5, 19.2R2-S1, 19.2R3", "status": "affected", "version": "19.2", "versionType": "custom" }, { "lessThan": "19.3R2-S4, 19.3R3", "status": "affected", "version": "19.3", "versionType": "custom" }, { "lessThan": "19.4R1-S3, 19.4R2-S1, 19.4R3", "status": "affected", "version": "19.4", "versionType": "custom" }, { "lessThan": "20.1R1-S2, 20.1R2", "status": "affected", "version": "20.1", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "This issue affects device with RTG configured:\n 
[switch-options redundant-trunk-group]\n\nin combination with the Storm Control configuration:\n\nFor Enhanced Layer 2 Software (ELS) release;\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n [ethernet-switching-options storm-control interface all]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html)" } ], "datePublic": "2021-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2." 
} ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-794", "description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-15T17:35:52", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA11093" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S7, 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 and all subsequent releases." } ], "source": { "advisory": "JSA11093", "defect": [ "1491669" ], "discovery": "USER" }, "title": "Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured", "workarounds": [ { "lang": "en", "value": "There are no known workarounds for this issue." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-01-13T17:00:00.000Z", "ID": "CVE-2021-0203", "STATE": "PUBLIC", "TITLE": "Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "15.1", "version_value": "15.1R7-S7" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "16.1", "version_value": "16.1R7-S8" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "17.2", "version_value": "17.2R3-S4" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "17.3", "version_value": "17.3R3-S8" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "17.4", "version_value": "17.4R2-S11, 17.4R3-S2" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "18.1", "version_value": "18.1R3-S10" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "18.2", "version_value": "18.2R3-S5" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "18.3", "version_value": "18.3R2-S4, 18.3R3-S2" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "18.4", "version_value": "18.4R2-S5, 18.4R3-S3" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "19.1", "version_value": "19.1R2-S2, 19.1R3-S2" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "19.2", "version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3" }, { "platform": "EX Series, QFX5K Series", "version_affected": 
"\u003c", "version_name": "19.3", "version_value": "19.3R2-S4, 19.3R3" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "19.4", "version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3" }, { "platform": "EX Series, QFX5K Series", "version_affected": "\u003c", "version_name": "20.1", "version_value": "20.1R1-S2, 20.1R2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [ { "lang": "en", "value": "This issue affects device with RTG configured:\n [switch-options redundant-trunk-group]\n\nin combination with the Storm Control configuration:\n\nFor Enhanced Layer 2 Software (ELS) release;\n [interfaces \u003cinterface-name\u003e unit 0 family ethernet-switching storm-control \u003cprofile-name\u003e]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli-els.html for reference)\n\nFor non-ELS release:\n [ethernet-switching-options storm-control interface \u003cRGT_interface\u003e]\nor\n [ethernet-switching-options storm-control interface all]\n(see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-storm-control-disabling-cli.html)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. 
This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA11093", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11093" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S7, 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S3, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 and all subsequent releases." 
} ], "source": { "advisory": "JSA11093", "defect": [ "1491669" ], "discovery": "USER" }, "work_around": [ { "lang": "en", "value": "There are no known workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0203", "datePublished": "2021-01-15T17:35:52.190641Z", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-09-17T01:01:23.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-0233 (GCVE-0-2021-0233)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-16 18:14
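CWE
- CWE-794 - Incomplete Filtering of Multiple Instances of Special Elements
- CWE-400 - Uncontrolled Resource Consumption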
Summary
A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2.
References
URL | Tags
---|---
https://kb.juniper.net/JSA11128 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Juniper Networks | Junos OS | Version: 17.4 < 17.4R3-S2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:32:10.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kb.juniper.net/JSA11128" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "ACX500 Series, ACX4000 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "17.4R3-S2", "status": "affected", "version": "17.4", "versionType": "custom" } ] } ], "datePublic": "2021-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-794", "description": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T19:37:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://kb.juniper.net/JSA11128" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S2, and all subsequent releases." } ], "source": { "advisory": "JSA11128", "defect": [ "1465802" ], "discovery": "INTERNAL" }, "title": "Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets.", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-0233", "STATE": "PUBLIC", "TITLE": "Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets." 
}, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "ACX500 Series, ACX4000 Series", "version_affected": "\u003c", "version_name": "17.4", "version_value": "17.4R3-S2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements" } ] }, { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] }, { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA11128", "refsource": "MISC", "url": "https://kb.juniper.net/JSA11128" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S2, and all subsequent releases." } ], "source": { "advisory": "JSA11128", "defect": [ "1465802" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0233", "datePublished": "2021-04-22T19:37:01.321596Z", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-09-16T18:14:29.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.