CVE-2021-0209 in Junos

Summary

by MITRE • 01/16/2021

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps

This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Analysis

by VulDB Data Team • 02/14/2021

The vulnerability described in CVE-2021-0209 represents a critical denial of service weakness within Juniper Networks Junos OS Evolved that stems from improper handling of Border Gateway Protocol update messages. This flaw specifically impacts the Routing Policy Daemon (RPD) component which is responsible for processing and managing BGP routing information within the network infrastructure. The vulnerability manifests when the RPD, while processing certain valid BGP update packets, accesses an uninitialized pointer, leading to memory access violations and subsequent crashes of the daemon.

From a technical perspective, this vulnerability constitutes a classic uninitialized pointer dereference issue that falls under the CWE-476 category of "NULL Pointer Dereference" within the Common Weakness Enumeration framework. The flaw occurs during the normal processing of BGP update messages, where the RPD attempts to access memory locations that have not been properly initialized, causing the daemon to crash and terminate unexpectedly. This type of vulnerability is particularly dangerous in network infrastructure devices because it can be triggered by legitimate network traffic without requiring any special privileges or authentication.

The operational impact of this vulnerability extends beyond simple service disruption as it creates a persistent denial of service condition that can severely impact network availability and reliability. When an attacker sends specifically crafted valid BGP update packets, the RPD core dumps and requires manual intervention to restart the service, which can result in significant network downtime. The fact that continued receipt of these packets maintains the DoS condition means that the attack can be sustained over time, making it particularly effective for network disruption. Network administrators can detect this compromise by monitoring for the existence of core dump files using the show system core-dumps command, which serves as an indicator that the vulnerability has been successfully exploited.

The affected versions of Juniper Networks Junos OS Evolved include specific releases prior to the mentioned security patches, with the 19.4R2-S2-EVO and 20.1R1-S2-EVO releases containing the necessary fixes. This vulnerability does not affect traditional Junos OS implementations, indicating that the issue is specific to the evolved variant of the operating system. Organizations utilizing affected versions should prioritize applying the security patches to prevent potential exploitation. The vulnerability aligns with ATT&CK technique T1499.004 for "Endpoint Denial of Service" and represents a significant risk to network infrastructure availability and business continuity operations. Network security teams should implement monitoring for unusual BGP traffic patterns and ensure that all Junos OS Evolved devices are updated to patched versions to mitigate this threat effectively.
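The affected-version ranges above can be turned into an inventory check. The following is an added example, not code from VulDB or Juniper. It assumes release strings of the form `<train>R<n>[-S<n>]-EVO` with optional build numbers, and that R lines newer than a listed fixed release already carry the fix; the hostnames and inventory are constructed.

```python
import re

# First fixed build per release train, as (R number, S number), from this page.
FIXED = {
    "19.4": [(2, 2)],          # 19.4R2-S2-EVO
    "20.1": [(1, 2), (2, 1)],  # 20.1R1-S2-EVO, 20.1R2-S1-EVO
}

# Assumed string shape: <train>R<n>[.<build>][-S<n>[.<build>]]-EVO
_RELEASE = re.compile(
    r"^(\d+\.\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?-EVO$", re.IGNORECASE
)


def parse_release(version):
    """Return (train, R, S) for a Junos OS Evolved release string."""
    m = _RELEASE.match(version.strip())
    if m is None:
        # Classic Junos OS strings (no -EVO suffix) land here; the page says
        # that product is not affected, so callers should handle it separately.
        raise ValueError(f"not a Junos OS Evolved release: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version):
    """True if the release predates the fix for CVE-2021-0209."""
    train, r, s = parse_release(version)
    fixes = FIXED.get(train)
    if fixes is None:
        return False  # train not listed as affected on this page
    for fix_r, fix_s in fixes:
        if r == fix_r:
            return s < fix_s
    # Assumption: R lines older than the earliest fixed one are affected,
    # newer R lines already carry the fix.
    return r < min(fix_r for fix_r, _ in fixes)


def needs_patch(inventory):
    """Return sorted hostnames from {host: release} running an affected build."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE = {
    "edge-1": "19.4R2-S1-EVO",
    "edge-2": "19.4R2-S2-EVO",
    "core-1": "20.1R1-S1.3-EVO",
    "core-2": "20.1R2-S1-EVO",
    "core-3": "20.2R1-EVO",
}

if __name__ == "__main__":
    print(needs_patch(SAMPLE))
```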

Reservation: 10/27/2020

Disclosure: 01/16/2021

Moderation: accepted

CPE: ready

EPSS: 0.00441

KEV: no

Activities: very low
