CVE-2021-0241 – Junos OS: Receipt of specific DHCPv6 packet may cause jdhcpd to crash and restart
https://notcve.org/view.php?id=CVE-2021-0241
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. • https://kb.juniper.net/JSA11168 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-0240 – Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart.
https://notcve.org/view.php?id=CVE-2021-0240
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. • https://kb.juniper.net/JSA11168 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-0238 – Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space
https://notcve.org/view.php?id=CVE-2021-0238
When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device> show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount <<<<< running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs This issue affects Juniper Networks Junos OS on MX Series: 17.3R1 and later versions prior to 17.4R3-S5, 18.1 versions prior to 18.1R3-S13, 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1. Cuando una Serie MX se configura como Broadband Network Gateway (BNG) basada en el protocolo Layer 2 Tunneling Protocol (L2TP), la ejecución de determinados comandos de la CLI puede hacer que el sistema se quede sin espacio en el disco, el uso excesivo del disco puede causar otras complicaciones. Un administrador puede usar el siguiente comando CLI para monitorear el espacio disponible en disco: user@device> show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount <<<<< running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs. Este problema afecta a Juniper Networks Junos OS en la serie MX: 17.3R1 y posteriores, versiones anteriores a 17.4R3-S5, versiones 18.1 anteriores a 18.1R3-S13, versiones 18.2 anteriores a 18.2R3-S7; versiones 18.3 anteriores a 18.3R3-S4; versiones 18.4 anteriores a 18.4R3-S7; versiones 19.1 anteriores a 19.1R3-S4; 19. • https://kb.juniper.net/JSA11133 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-0237 – Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration
https://notcve.org/view.php?id=CVE-2021-0237
On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2; En Juniper Networks Serie EX4300-MP, Serie EX4600, Serie EX4650, Serie QFX5K implementadas como un Virtual Chassis con una configuración de circuito de capa 2 específica, el proceso del Packet Forwarding Engine manager (FXPC) puede bloquearse y reiniciarse al recibir tramas de capa 2 específicas. La recepción y el procesamiento continuo de este paquete crearán una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a: Juniper Networks Junos OS en las versiones Serie EX4300-MP, Serie EX4600, Serie EX4650, Serie QFX5K versiones 15.1 anteriores a 15.1R7-S9; versiones 17.3 anteriores a 17.3R3-S11; versiones 17.4 anteriores a 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; versiones 18.2 anteriores a 18.2R3-S8; versiones 18.3 anteriores a 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S7, 18.4R3-S6; versiones 19.1 anteriores a 19.1R3-S4; versiones 19.2 anteriores a 19.2R1-S6, 19.2R3-S1; versiones 19.3 anteriores a 19.3R3-S1; versiones 19.4 anteriores a 19.4R2-S4, 19.4R3-S1; versiones 20.1 anteriores a 20.1R2; versiones 20.2 anteriores a 20.2R2, 20.2R3; versiones 20.3 anteriores a 20.3R1-S2, 20.3R2; • https://kb.juniper.net/JSA11132 •
CVE-2021-0236 – Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core.
https://notcve.org/view.php?id=CVE-2021-0236
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. • https://kb.juniper.net/JSA11131 • CWE-754: Improper Check for Unusual or Exceptional Conditions •