{ "id": "CVE-2021-31376", "sourceIdentifier": "sirt@juniper.net", "published": "2021-10-19T19:15:10.840", "lastModified": "2021-10-25T16:20:45.673", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An Improper Input Validation vulnerability in Packet Forwarding Engine manager (FXPC) process of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending specific DHCPv6 packets to the device and crashing the FXPC service. Continued receipt and processing of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms in ACX Series: ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 devices. Other ACX platforms are not affected from this issue. This issue affects Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096: 18.4 version 18.4R3-S7 and later versions prior to 18.4R3-S8. This issue does not affect: Juniper Networks Junos OS 18.4 versions prior to 18.4R3-S7 on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096." }, { "lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el proceso del Administrador del Motor de Reenv\u00edo de Paquetes (FXPC) de Juniper Networks Junos OS permite a un atacante causar una Denegaci\u00f3n de Servicio (DoS) mediante el env\u00edo de paquetes DHCPv6 espec\u00edficos al dispositivo y el bloqueo del servicio FXPC. La recepci\u00f3n y el procesamiento continuados de este paquete espec\u00edfico crear\u00e1n una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema afecta s\u00f3lo a las siguientes plataformas de la serie ACX: ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096. Otras plataformas ACX no est\u00e1n afectadas por este problema. Este problema afecta a Juniper Networks Junos OS en ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096: versi\u00f3n 18.4 18.4R3-S7 y versiones posteriores anteriores a 18.4R3-S8. Este problema no afecta: Juniper Networks Junos OS versiones 18.4 anteriores a 18.4R3-S7 en ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096" } ], "metrics": { "cvssMetricV31": [ { "source": "sirt@juniper.net", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "sirt@juniper.net", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF19CB03-4A42-48BC-A6E1-A6F56D40F422" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "648CB4A2-05FA-4445-BB4F-F9285A8E8A5D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9F5683A-7DCC-4691-AD3A-F2B66684DA9C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "154658D0-FE3E-43C1-8A4D-CAF67C9BCD98" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "76E2CDA9-2379-482C-B509-D527AFE2C7D5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx500:-:*:*:*:*:*:*:*", "matchCriteriaId": "36729286-5080-47E8-A961-976BF64F5A93" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx5048:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F8DB691-C9F4-4084-8563-642A2F63DA86" }, { "vulnerable": false, "criteria": "cpe:2.3:h:juniper:acx5096:-:*:*:*:*:*:*:*", "matchCriteriaId": "44B58F51-4F0D-40BD-A90F-226A26F4646E" } ] } ] } ], "references": [ { "url": "https://kb.juniper.net/JSA11241", "source": "sirt@juniper.net", "tags": [ "Vendor Advisory" ] } ] }