1. Home
  2. CVE Database
  3. CVE-2021-31366
MEDIUM · 6.5

CVE-2021-31366

An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a...

Vulnerability Description

An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Continued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos15.1
JuniperMx10-
JuniperMx10003-
JuniperMx10008-
JuniperMx10016-
JuniperMx104-
JuniperMx150-
JuniperMx2008-
JuniperMx2010-
JuniperMx2020-
JuniperMx204-
JuniperMx240-
JuniperMx40-
JuniperMx480-
JuniperMx5-
JuniperMx80-
JuniperMx960-

Related Weaknesses (CWE)

CWE-252

References

FAQ

What is CVE-2021-31366?

CVE-2021-31366 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a...

How severe is CVE-2021-31366?

CVE-2021-31366 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31366?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10, Juniper Mx10003, Juniper Mx10008, Juniper Mx10016.