CVE-2021-0226 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos Os Evolved	20.1

Related Weaknesses (CWE)

CWE-665

References

https://kb.juniper.net/JSA11121Vendor Advisory
https://kb.juniper.net/JSA11121Vendor Advisory

FAQ

What is CVE-2021-0226?

CVE-2021-0226 is a vulnerability with a CVSS score of 7.1 (HIGH). On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt ...

How severe is CVE-2021-0226?

CVE-2021-0226 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-0226?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved.