Vulnerability Name:

CVE-2021-0264 (CCN-199969)

Assigned:2020-10-27
Published:2021-04-14
Updated:2021-04-30
Summary:A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue.
Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-755
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-0264

Source: XF
Type: UNKNOWN
juniper-cve20210264-dos(199969)

Source: CCN
Type: Juniper Networks Security Bulletin JSA11155
Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured (CVE-2021-0264)

Source: MISC
Type: Vendor Advisory
https://kb.juniper.net/JSA11155

Source: MISC
Type: Permissions Required, Vendor Advisory
https://kb.juniper.net/TSB17931

Vulnerable Configuration:Configuration 1:
  • cpe:/o:juniper:junos:19.3:-:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:r3:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r3:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.3:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.3:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.4:r1:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:mx10:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx10000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx10003:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx10008:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx10016:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx104:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx150:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx2008:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx2010:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx2020:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx204:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx240:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx40:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx480:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx5:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx80:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:mx960:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:juniper:junos_os_evolved:18.3:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.1:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.2:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.2:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.3:r2:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:ptx10003:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:ptx10008:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:juniper:junos_evolved:19.2:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.3:-:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:19.4:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.1:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.2:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:20.3:r1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper junos 19.3 -
    juniper junos 19.3 r1
    juniper junos 19.3 r1-s1
    juniper junos 19.3 r2
    juniper junos 19.3 r2-s1
    juniper junos 19.3 r2-s2
    juniper junos 19.3 r2-s3
    juniper junos 19.3 r2-s4
    juniper junos 19.3 r2-s5
    juniper junos 19.3 r3
    juniper junos 19.4 r1
    juniper junos 19.4 r1-s1
    juniper junos 19.4 r1-s2
    juniper junos 19.4 r2
    juniper junos 19.4 r2-s1
    juniper junos 19.4 r2-s2
    juniper junos 19.4 r3
    juniper junos 19.4 r3-s1
    juniper junos 20.1 r1
    juniper junos 20.1 r1-s1
    juniper junos 20.1 r1-s2
    juniper junos 20.1 r1-s3
    juniper junos 20.1 r1-s4
    juniper junos 20.1 r2
    juniper junos 20.1 r2-s1
    juniper junos 20.2 r1
    juniper junos 20.2 r1-s1
    juniper junos 20.2 r1-s2
    juniper junos 20.2 r1-s3
    juniper junos 20.2 r2
    juniper junos 20.2 r2-s1
    juniper junos 20.3 r1
    juniper junos 20.3 r2
    juniper junos 20.4 r1
    juniper mx10 -
    juniper mx10000 -
    juniper mx10003 -
    juniper mx10008 -
    juniper mx10016 -
    juniper mx104 -
    juniper mx150 -
    juniper mx2008 -
    juniper mx2010 -
    juniper mx2020 -
    juniper mx204 -
    juniper mx240 -
    juniper mx40 -
    juniper mx480 -
    juniper mx5 -
    juniper mx80 -
    juniper mx960 -
    juniper junos os evolved 18.3 r1
    juniper junos os evolved 19.1 r1
    juniper junos os evolved 19.1 r2
    juniper junos os evolved 19.2 r1
    juniper junos os evolved 19.2 r2
    juniper junos os evolved 19.3 r1
    juniper junos os evolved 19.3 r2
    juniper junos os evolved 20.1 r1
    juniper junos os evolved 20.1 r2
    juniper junos os evolved 20.2 r1
    juniper junos os evolved 20.2 r2
    juniper junos os evolved 20.3 r1
    juniper junos os evolved 20.3 r2
    juniper junos os evolved 20.4 r1
    juniper ptx10003 -
    juniper ptx10008 -
    juniper junos evolved 19.2 r1
    juniper junos 19.3 -
    juniper junos 19.4 r1
    juniper junos 20.1 r1
    juniper junos 20.2 r1
    juniper junos 20.3 r1