1. Home
  2. CVE Database
  3. CVE-2021-0205
MEDIUM · 5.8

CVE-2021-0205

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the pr...

Vulnerability Description

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination. This issue affects MX Series devices using MS-MPC, MS-MIC or MS-SPC3 service cards with IDS service configured. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S10 on MX Series; 17.4 versions prior to 17.4R3-S3 on MX Series; 18.1 versions prior to 18.1R3-S11 on MX Series; 18.2 versions prior to 18.2R3-S6 on MX Series; 18.3 versions prior to 18.3R3-S4 on MX Series; 18.4 versions prior to 18.4R3-S6 on MX Series; 19.1 versions prior to 19.1R2-S2, 19.1R3-S3 on MX Series; 19.2 versions prior to 19.2R3-S1 on MX Series; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1 on MX Series; 19.4 versions prior to 19.4R3 on MX Series; 20.1 versions prior to 20.1R2 on MX Series; 20.2 versions prior to 20.2R2 on MX Series;

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
JuniperJunos17.3
JuniperMx10-
JuniperMx10000-
JuniperMx10003-
JuniperMx104-
JuniperMx150-
JuniperMx2008-
JuniperMx2010-
JuniperMx2020-
JuniperMx204-
JuniperMx240-
JuniperMx40-
JuniperMx480-
JuniperMx5-
JuniperMx80-
JuniperMx960-

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2021-0205?

CVE-2021-0205 is a vulnerability with a CVSS score of 5.8 (MEDIUM). When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the pr...

How severe is CVE-2021-0205?

CVE-2021-0205 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-0205?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10, Juniper Mx10000, Juniper Mx10003, Juniper Mx104.