Vulnerabilities > CVE-2021-31353 - Improper Handling of Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

juniper

CWE-755

NVD

Published: 2021-10-19

Updated: 2021-10-25

Summary

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos OS Evolved 20.4 Juniper Junos OS Evolved 21.1 Juniper Junos OS Evolved 21.2 Juniper Junos OS Evolved 18.3 Juniper Junos OS Evolved 19.1 Juniper Junos OS Evolved 19.2 Juniper Junos OS Evolved 19.3 Juniper Junos OS Evolved 19.4 Juniper Junos OS Evolved 20.1 Juniper Junos OS Evolved 20.2 Juniper Junos OS Evolved 20.3 Juniper Junos 20.2 Juniper Junos 20.3 Juniper Junos 21.1 Juniper Junos 20.4 Juniper Junos 19.4 Juniper Junos 19.3	55

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://kb.juniper.net/JSA11218