Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-0273— Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device's interfaces.

CVSS 5.3 · Medium EPSS 0.27% · P50
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-0273

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device's interfaces.
Source: NVD (National Vulnerability Database)
Vulnerability Description
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS和Junos OS Evolved 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS和Junos OS Evolved都是美国瞻博网络(Juniper Networks)公司的产品。Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。Junos OS Evolved是Junos OS 的升级版系统。 Junos OS 存在安全漏洞,该漏洞源于数据包到达设备接口而拒绝服务。以下产品及版本受到影响:Junos OS 15.1, 16.1, 17.1,
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS unspecified ~ 15.1F6, 16.1R1 -
Juniper NetworksJunos OS Evolved 19.4 ~ 19.4R2-EVO -

II. Public POCs for CVE-2021-0273

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-0273

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2021-04-22 · 53 CVEs total

CVE-2021-024810.0 CRITICALNFX Series: Hard-coded credentials allow an attacker to take control of any instance throu
CVE-2021-02549.8 CRITICALJunos OS: Remote code execution vulnerability in overlayd service
CVE-2021-02758.8 HIGHJunos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another
CVE-2021-02688.8 HIGHJunos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which
CVE-2021-02698.8 HIGHJunos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution
CVE-2021-02518.6 HIGHJunos OS: MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC: The BRAS Subscriber Services s
CVE-2021-02498.1 HIGHJunos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbi
CVE-2021-02668.1 HIGHcSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the devic
CVE-2021-02658.1 HIGHContrail Insights: The REST API implementation allows an unauthenticated remote attacker t
CVE-2021-02527.8 HIGHJunos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escala
CVE-2021-02457.8 HIGHJunos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authe
CVE-2021-02537.8 HIGHJunos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Esc
CVE-2021-02707.5 HIGHJunos OS: PTX Series, QFX10K Series: A PTX/QFX FPC may restart unexpectedly with the "inli
CVE-2021-02507.5 HIGHJunos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message w
CVE-2021-02277.5 HIGHJunos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets
CVE-2021-02337.5 HIGHJunos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while process
CVE-2021-02617.5 HIGHJunos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services cau
CVE-2021-02307.5 HIGHJunos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statist
CVE-2021-02447.4 HIGHJunos OS: A race condition in the storm control profile may allow an attacker to cause a D
CVE-2021-02677.4 HIGHJunos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core.

Showing top 20 of 53 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-835

V. Comments for CVE-2021-0273

No comments yet

Leave a comment