CVE-2021-31377— Junos OS: A local authenticated attacker can cause RPD to core

CVSS 5.5 · Medium EPSS 0.03% · P10 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-31377

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Junos OS: A local authenticated attacker can cause RPD to core

Source: NVD (National Vulnerability Database)

Vulnerability Description

An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键资源的不正确权限授予

Source: NVD (National Vulnerability Database)

Vulnerability Title

Juniper Networks Junos OS 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS存在资源管理错误漏洞，该漏洞源于Junos OS 文件系统中某个文件的关键资源权限分配不正确漏洞允许本地身份验证的攻击者导致路由进程守护程序 (RPD) 崩溃并重新启动，从而导致拒绝服务 (DoS)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Juniper Networks	Junos OS	15.1 ~ 15.1R7-S9	-

II. Public POCs for CVE-2021-31377

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-31377

请登录查看更多情报信息。

https://kb.juniper.net/JSA11242x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2021-31377

Same Patch Batch · Juniper Networks · 2021-10-19 · 42 CVEs total

CVE-2021-31349	9.8 CRITICAL	Session Smart Router: Authentication Bypass Vulnerability
CVE-2021-31385	8.8 HIGH	Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevat
CVE-2021-31372	8.8 HIGH	Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to ro
CVE-2021-31373	8.0 HIGH	Junos OS: SRX Series: Persistent XSS vulnerability in J-Web
CVE-2021-31355	8.0 HIGH	Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal
CVE-2021-31359	7.8 HIGH	Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability
CVE-2021-31358	7.8 HIGH	Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script
CVE-2021-31357	7.8 HIGH	Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script
CVE-2021-31356	7.8 HIGH	Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts
CVE-2021-31376	7.5 HIGH	Junos OS: ACX Series: Packet Forwarding Engine manager (FXPC) process crashes when process
CVE-2021-31353	7.5 HIGH	Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update
CVE-2021-31374	7.5 HIGH	Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE o
CVE-2021-31379	7.5 HIGH	Junos OS: MX Series: MPC 7/8/9/10/11 cards with MAP-E: PFE halts when an attacker sends ma
CVE-2021-31351	7.5 HIGH	Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset
CVE-2021-31350	7.5 HIGH	Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Too
CVE-2021-31383	7.5 HIGH	Junos OS and Junos OS Evolved: In Point to MultiPoint (P2MP) scenarios receipt of various
CVE-2021-0299	7.5 HIGH	Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet
CVE-2021-31368	7.5 HIGH	Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of
CVE-2021-0296	7.4 HIGH	CTPView: HSTS not being enforced on CTPView server.
CVE-2021-31384	7.2 HIGH	Junos OS: SRX Series: Under a specific device configuration an attacker can access the dev

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Junos OS

Same vendor: Juniper Networks

Same weakness: CWE-732

V. Comments for CVE-2021-31377

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-31377— Junos OS: A local authenticated attacker can cause RPD to core

I. Basic Information for CVE-2021-31377

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-31377

III. Intelligence Information for CVE-2021-31377

Same Patch Batch · Juniper Networks · 2021-10-19 · 42 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-31377

Leave a comment