CVE-2021-0298 - OpenCVE

A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:H/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Ptx10008 Ptx10003 Junos Os Evolved

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos_os_evolved:18.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.1:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1::::::

OR	cpe:2.3:h:juniper:ptx10003:-:::::::*
	cpe:2.3:h:juniper:ptx10008:-:::::::*

References

Link	Resource
https://kb.juniper.net/JSA11212	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2021-10-13T00:00:00

Updated: 2021-10-19T18:16:25

Reserved: 2020-10-27T00:00:00

Link: CVE-2021-0298

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-19T19:15:08.350

Modified: 2021-10-25T14:38:13.893

Link: CVE-2021-0298

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"platforms": ["PTX10003, PTX10008"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.1R2-EVO", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T18:16:25", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11212"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases.\n"}], "source": {"advisory": "JSA11212", "defect": ["1497285"], "discovery": "INTERNAL"}, "title": "Junos OS Evolved: PTX10003, PTX10008: picd core while executing the \"show chassis pic\" command under certain conditions", "workarounds": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the router via CLI only from trusted hosts and from trusted administrators."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-0298", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: PTX10003, PTX10008: picd core while executing the \"show chassis pic\" command under certain conditions"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS Evolved", "version": {"version_data": [{"platform": "PTX10003, PTX10008", "version_affected": "<", "version_value": "20.1R2-EVO"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"}]}, {"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11212", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11212"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases.\n"}], "source": {"advisory": "JSA11212", "defect": ["1497285"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the router via CLI only from trusted hosts and from trusted administrators."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0298", "datePublished": "2021-10-13T00:00:00", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2021-10-19T18:16:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:18.3:r1:*:*:*:*:*:*", "matchCriteriaId": "7E72627C-4793-4F22-B769-A3FFB77E7DE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*", "matchCriteriaId": "2C3245C5-9EE1-490C-B7C7-5C02F155DDD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*", "matchCriteriaId": "01A9BD92-5865-455D-9585-098DCFCC24DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*", "matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*", "matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*", "matchCriteriaId": "6480A5C9-3280-40C5-BC08-509555F28363", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*", "matchCriteriaId": "2D3C2D74-AF22-4BED-A0C5-089B5507D275", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*", "matchCriteriaId": "83447F3F-79A3-41DF-8FD1-31DCFCBE40A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "1699821F-FBC6-4EB9-94E5-96AF1E4E4FDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*", "matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "EEBE159F-5D94-4C18-B922-331586BEA2CA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*", "matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en el comando \"show chassis pic\" en Juniper Networks Junos OS Evolved puede permitir a un atacante bloquear el proceso del demonio concentrador de interfaz de puertos (picd) en el FPC, si el comando se ejecuta coincidiendo con otros eventos del sistema fuera del control del atacante, conllevando a una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). La ejecuci\u00f3n continuada del comando CLI, en condiciones precisas, podr\u00eda crear una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema afecta a todas las versiones de Junos OS Evolved anteriores a 20.1R2-EVO de Juniper Networks en las plataformas PTX10003 y PTX10008. Junos OS no est\u00e1 afectado por esta vulnerabilidad"}], "id": "CVE-2021-0298", "lastModified": "2021-10-25T14:38:13.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2021-10-19T19:15:08.350", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11212"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "sirt@juniper.net", "type": "Secondary"}]}