mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
222 lines
9.1 KiB
JSON
222 lines
9.1 KiB
JSON
{
|
|
"id": "CVE-2021-31353",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2021-10-19T19:15:08.720",
|
|
"lastModified": "2021-10-25T21:41:46.123",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de administraci\u00f3n inapropiada de condiciones excepcionales en Juniper Networks Junos OS y Junos OS Evolved permite a un atacante inyectar una actualizaci\u00f3n BGP espec\u00edfica, causando el bloqueo y el reinicio del demonio del protocolo de enrutamiento (RPD), conllevando a una Denegaci\u00f3n de Servicio (DoS). Si se sigue recibiendo y procesando la actualizaci\u00f3n BGP, ser\u00e1 creada una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema afecta a versiones muy espec\u00edficas de Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versiones 20.2R2-S3 y posteriores, anteriores a 20.2R3-S2; 20.3 versiones 20.3R2 y posteriores, anteriores a 20.3R3; 20.4 versiones 20.4R2 y posteriores, anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R2. Juniper Networks Junos OS 20.1 no est\u00e1 afectado por este problema. Este problema tambi\u00e9n afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versiones anteriores a 21.1R2-EVO; 21.2-EVO versiones anteriores a 21.2R2-EVO"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-755"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-755"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3FEA876-302D-4F07-94E6-237C669538F2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0886EFA6-47E3-4C1D-A278-D3891A487FED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "20.3",
|
|
"matchCriteriaId": "4C8EA231-338B-46A2-BE77-3A7AB54BD148"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://kb.juniper.net/JSA11218",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Exploit",
|
|
"Mitigation",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |