CVE-2021-0267
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
22/04/2021
Last modified:
23/07/2021
Description
An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page