CVE-2021-0294 - OpenCVE

Vendors	Products
Juniper	Qfx5210 Ex4650 Qfx5100 Qfx5120 Qfx5110 Junos Ex4600 Qfx5200

Link	Resource
https://kb.juniper.net/JSA11196	Vendor Advisory

{"containers": {"cna": {"affected": [{"platforms": ["QFX5000 Series, EX4600 Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "18.4R2-S5"}]}], "configurations": [{"lang": "en", "value": "This issue only affects the above devices if configured with:\n\n [ forwarding-options storm-control enhanced ]"}], "datePublic": "2021-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if \"storm-control enhanced\" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-474", "description": "CWE-474 : Use of Function with Inconsistent Implementations", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-15T20:01:13", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11196"}], "solutions": [{"lang": "en", "value": "The following software releases has been updated to resolve this specific issue: Junos OS 18.4R2-S6."}], "source": {"advisory": "JSA11196", "defect": ["1544160"], "discovery": "USER"}, "title": "Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-07-14T16:00:00.000Z", "ID": "CVE-2021-0294", "STATE": "PUBLIC", "TITLE": "Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"platform": "QFX5000 Series, EX4600 Series", "version_affected": "=", "version_value": "18.4R2-S5"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue only affects the above devices if configured with:\n\n [ forwarding-options storm-control enhanced ]"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if \"storm-control enhanced\" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-474 : Use of Function with Inconsistent Implementations"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11196", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11196"}]}, "solution": [{"lang": "en", "value": "The following software releases has been updated to resolve this specific issue: Junos OS 18.4R2-S6."}], "source": {"advisory": "JSA11196", "defect": ["1544160"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0294", "datePublished": "2021-07-14T00:00:00", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2021-07-15T20:01:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*", "matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if \"storm-control enhanced\" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en Juniper Networks Junos OS, que s\u00f3lo afecta a la versi\u00f3n 18.4R2-S5, en la que una funci\u00f3n es inconsistentemente implementada en las series QFX5000 y EX4600 de Juniper Networks, y si se configura \"storm-control enhanced\", puede conllevar a que el grupo storm-control enhanced filter no sea instalado. Esto har\u00e1 que storm control no funcione, lo que permitir\u00e1 a un atacante causar un alto uso de la CPU o problemas de p\u00e9rdida de paquetes mediante el env\u00edo de una gran cantidad de paquetes de difusi\u00f3n o unidifusi\u00f3n desconocida que llegan al dispositivo. Este problema afecta a los dispositivos QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600 y EX4650 de Juniper Networks y a los QFX5100 con la imagen de la serie QFX 5e instalada. Los modelos QFX5130 y QFX5220 no se ven afectados por este problema. Este problema afecta a Juniper Networks Junos OS 18.4R2-S5 en las series QFX5000 y EX4600. Ning\u00fan otro producto o plataforma se ve afectado por esta vulnerabilidad"}], "id": "CVE-2021-0294", "lastModified": "2021-07-28T17:08:01.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2021-07-15T20:15:11.277", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11196"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-474"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

JSON object

JSON object

JSON object