CVE-2021-0221

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

15/01/2021

Last modified:

05/02/2021

Description

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

6.50

Severity 3.x

MEDIUM

Vector 2.0

AV:A/AC:M/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 2.90 LOW
Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P

Attack Vector (AV): Adjacent
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

2.90

Severity 2.0

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:juniper:junos:17.3:-::::::
cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
cpe:2.3:o:juniper:junos:17.3:r3-s8::::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://kb.juniper.net/JSA11111

CPE	From	Up to
cpe:2.3:o:juniper:junos:17.3:-::::::
cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
cpe:2.3:o:juniper:junos:17.3:r3-s8::::::