CVE-2021-0209 vulnerability in Juniper Networks Products
Published on January 15, 2021
Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX.
In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.
Vulnerability Analysis
Weakness Type
Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.
Products Associated with CVE-2021-0209
stack.watch emails you whenever new vulnerabilities are published in Juniper Networks Junos Evolved or Juniper Networks Junos Os Evolved. Just hit a watch button to start following.
Affected Versions
Juniper Networks Junos OS Evolved:- Version 19.4 and below 19.4R2-S2-EVO is affected.
- Version 20.1 and below 20.1R1-S2-EVO, 20.1R2-S1-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.