CVE-2021-0280 Information

Description

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000 PTX3000 (NextGen) PTX5000 PTX10008 PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series QFX10K Series; 20.2 versions prior to 20.2R2-S3 20.2R3 on PTX Series QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series QFX10K Series.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://kb.juniper.net/JSA11184

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5