CVE-2021-0291 vulnerability in Juniper Networks Products
Published on July 15, 2021
Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.
Vulnerability Analysis
CVE-2021-0291 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2021-0291
Want to know whenever a new CVE is published for Juniper Networks products? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Version unspecified and below 13.2R1 is unaffected.
- Version 15.1 and below 15.1R7-S9 is affected.
- Version 17.3 and below 17.3R3-S12 is affected.
- Version 17.4 and below 17.4R2-S13, 17.4R3-S5 is affected.
- Version 18.3 and below 18.3R3-S5 is affected.
- Version 18.4 and below 18.4R2-S8, 18.4R3-S9 is affected.
- Version 19.1 and below 19.1R3-S5 is affected.
- Version 19.2 and below 19.2R3-S2 is affected.
- Version 19.3 and below 19.3R2-S6, 19.3R3-S2 is affected.
- Version 19.4 and below 19.4R1-S4, 19.4R2-S4, 19.4R3 is affected.
- Version 20.1 and below 20.1R2 is affected.
- Version 20.2 and below 20.2R2 is affected.
- Version 20.3 and below 20.3R2 is affected.
- Version unspecified and below 20.3R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.