15.1

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

low complexity

juniper

CWE-415

NVD

Published: 2021-04-22

Updated: 2021-07-23

Summary

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 12.3 Juniper Junos 15.1	72
Hardware	Juniper Juniper Ex2200 C - Juniper Ex3200 - Juniper Ex3300 - Juniper Ex4200 - Juniper Ex4500 - Juniper Ex4550 - Juniper Ex6210 - Juniper Ex8208 - Juniper Ex8216 -	9

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://kb.juniper.net/JSA11162