Main Vulnerability Database SB2021071917

SB2021071917 - Denial of service in Junos OS when handling BGP UPDATE message

Published: July 19, 2021

Security Bulletin ID SB2021071917

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2021-0282)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing a specific BGP UPDATE on Juniper Networks Junos OS devices with Multipath or add-path feature enabled. A remote attacker can send specific BGP UPDATE message and crash the routing process daemon (RPD).

This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network.

Remediation

Install update from vendor's website.

References

https://kb.juniper.net/JSA11186