CVE-2021-0208 vulnerability in Juniper Networks Products
Published on January 15, 2021
Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO.
Vulnerability Analysis
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2021-0208
Want to know whenever a new CVE is published for Juniper Networks products? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Version unspecified and below 17.3R3-S10 is affected.
- Version 17.4 and below 17.4R3-S2 is affected.
- Version 18.1 and below 18.1R3-S10 is affected.
- Version 18.2 and below 18.2R2-S7, 18.2R3-S4 is affected.
- Version 18.3 and below 18.3R3-S2 is affected.
- Version 18.4 and below 18.4R1-S8, 18.4R2-S6, 18.4R3-S2 is affected.
- Version 19.1 and below 19.1R1-S5, 19.1R3-S3 is affected.
- Version 19.2 and below 19.2R3 is affected.
- Version 19.3 and below 19.3R2-S5, 19.3R3 is affected.
- Version 19.4 and below 19.4R2-S2, 19.4R3-S1 is affected.
- Version 20.1 and below 20.1R1-S4, 20.1R2 is affected.
- Version 15.1X49 and below 15.1X49-D240 is affected.
- Version 19.3 and below 19.3R2-S5-EVO is affected.
- Version 19.4 and below 19.4R2-S2-EVO is affected.
- Version 20.1 and below 20.1R1-S4-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.