CVE-2021-0262

Published Apr 22, 2021

Last updated 4 years ago

CVSS medium 6.5

Overview

Description: Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-416
sirt@juniper.net: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E45E5421-2F6F-4AF9-8EB1-431A804FC649"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93098975-4A06-4A72-8DF0-F2C5E1AF2F77"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C71D2FA-B1A4-4004-807F-7B3BB347DF4C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E78E854-DDD3-4D1A-97AB-AEA70B9B811F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "512FB3D1-BA5B-4F73-BDB2-49D6889F5473"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References