CVE-2021-0294

Junos OS: QFX5000 Series and EX4600 Series: Enhanced storm control might not work leading to partial Denial of Service

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work hence allowing an attacker to cause high CPU usage or packet loss issues by sending a large amount of broadcast or unknown unicast packets arriving the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected from this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability.

Una vulnerabilidad en Juniper Networks Junos OS, que sólo afecta a la versión 18.4R2-S5, en la que una función es inconsistentemente implementada en las series QFX5000 y EX4600 de Juniper Networks, y si se configura "storm-control enhanced", puede conllevar a que el grupo storm-control enhanced filter no sea instalado. Esto hará que storm control no funcione, lo que permitirá a un atacante causar un alto uso de la CPU o problemas de pérdida de paquetes mediante el envío de una gran cantidad de paquetes de difusión o unidifusión desconocida que llegan al dispositivo. Este problema afecta a los dispositivos QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600 y EX4650 de Juniper Networks y a los QFX5100 con la imagen de la serie QFX 5e instalada. Los modelos QFX5130 y QFX5220 no se ven afectados por este problema. Este problema afecta a Juniper Networks Junos OS 18.4R2-S5 en las series QFX5000 y EX4600. Ningún otro producto o plataforma se ve afectado por esta vulnerabilidad

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-27 CVE Reserved
2021-07-15 CVE Published
2024-03-29 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-474: Use of Function with Inconsistent Implementations

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA11196	2021-07-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Ex4600 Search vendor "Juniper" for product "Ex4600"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Ex4650 Search vendor "Juniper" for product "Ex4650"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Qfx5100 Search vendor "Juniper" for product "Qfx5100"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Qfx5110 Search vendor "Juniper" for product "Qfx5110"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Qfx5120 Search vendor "Juniper" for product "Qfx5120"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Qfx5200 Search vendor "Juniper" for product "Qfx5200"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	r2-s5	Affected	in	Juniper Search vendor "Juniper"	Qfx5210 Search vendor "Juniper" for product "Qfx5210"	-	-	Safe