CVE-2021-31363 in Junos OS
Summary
by MITRE • 10/19/2021
In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipt of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved: all versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO.
Analysis
by VulDB Data Team • 10/27/2021
This vulnerability is a critical design flaw in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved platforms, specifically within the MPLS P2MP environment. The issue manifests as a loop with an unreachable exit condition in the LDP FEC processing path, which an unauthenticated adjacent attacker can exploit to generate sustained high CPU load on the RPD process. The vulnerability specifically affects systems with sensor-based-stats enabled, creating a condition where receipt of a particular LDP FEC triggers an infinite loop in the processing logic, ultimately leading to routing protocol instability and potential flapping. This is a classic denial of service vector that can be exploited without authentication, which makes it particularly dangerous in environments where an adversary can obtain physical access or network proximity.
Technically, the vulnerability stems from improper handling of LDP FEC (Label Distribution Protocol Forwarding Equivalence Class) messages in the routing protocol daemon's processing loop. When a system with sensor-based-stats enabled receives a specific malformed LDP FEC, the RPD daemon enters a processing loop whose exit condition becomes unreachable because of flawed state management logic. This creates a resource exhaustion scenario in which the RPD process consumes excessive CPU cycles, degrading system performance and potentially destabilizing routing. The vulnerability operates at the protocol level within the MPLS P2MP (point-to-multipoint) environment, where the inherent complexity of multipoint label switching creates an exploitable condition affecting the core routing functionality of Juniper devices.
The operational impact extends beyond simple service disruption to network stability and availability. The sustained denial of service condition created by continued receipt of such LDP FECs can lead to routing protocol flaps, which in turn cause convergence issues and packet loss. Network administrators may observe increased CPU utilization, reduced system responsiveness, and routing instability that could affect critical network services. The vulnerability affects multiple Junos OS versions across several release branches, indicating a widespread issue that impacts both legacy and newer deployments. The fact that versions prior to 19.2R2 are not affected suggests that the problematic code was introduced in a specific codebase revision, which makes it harder to identify and remediate without proper version control measures.
Mitigation should focus on prompt patch application to affected Junos OS versions, with particular attention to the release branches listed in the advisory. Network administrators should implement network segmentation and access controls to limit adjacent network access to Juniper devices, reducing the attack surface for this unauthenticated exploit. Monitoring and detection should be enhanced to identify unusual CPU utilization patterns and routing protocol behavior that may indicate exploitation attempts. The vulnerability aligns with techniques documented in the MITRE ATT&CK framework under network denial of service and privilege escalation categories, specifically targeting the network infrastructure layer. Organizations should also consider LDP filtering and rate limiting to keep malformed packets from reaching the RPD daemon, as defense in depth against similar protocol-based vulnerabilities.
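Deciding whether a given device needs the patch means comparing its Junos version string against the release ranges in the summary and checking whether the sensor-based-stats precondition holds. The following is an added example (not VulDB's or Juniper's code) that encodes exactly the ranges listed above for both Junos OS and Junos OS Evolved, parses version strings of the form `19.2R2-S1` / `20.1R2-S3-EVO`, and combines the version verdict with a configuration check. Assumptions: the configuration knob appears as the token `sensor-based-stats` in `set`-style or hierarchical configuration text (the advisory names the feature but not its exact statement), the sample configuration is constructed, and "all versions prior to 20.1R2-S3-EVO" is read literally as a version-order comparison.

```python
"""Check a Junos OS / Junos OS Evolved version against the CVE-2021-31363 ranges.

Added example. Version ranges are transcribed from the advisory summary; the
configuration check assumes the feature shows up as the token `sensor-based-stats`.
"""
import re
from typing import Dict, List, Tuple

# Matches e.g. 19.2R2, 19.3R2-S6, 19.2R2.7, 20.1R2-S3-EVO. Build suffixes (".7") are ignored.
VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:-S(?P<service>\d+))?(?:\.\d+)?(?P<evo>-EVO)?$",
    re.IGNORECASE,
)

Key = Tuple[int, int, int, int]  # (major, minor, R number, S number)


def parse_version(text: str) -> Tuple[Key, bool]:
    """Return ((major, minor, R, S), is_evolved); S is 0 for a base release."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {text!r}")
    key = (int(m["major"]), int(m["minor"]), int(m["release"]), int(m["service"] or 0))
    return key, bool(m["evo"])


# Junos OS: first fixed release(s) per affected branch, as listed in the summary.
JUNOS_FIXES: Dict[Tuple[int, int], List[str]] = {
    (19, 2): ["19.2R3-S3"],
    (19, 3): ["19.3R2-S6", "19.3R3-S2"],
    (19, 4): ["19.4R1-S4", "19.4R2-S4", "19.4R3-S2"],
    (20, 1): ["20.1R2-S1", "20.1R3"],
    (20, 2): ["20.2R2-S1", "20.2R3"],
    (20, 3): ["20.3R1-S2", "20.3R2"],
}
JUNOS_FIRST_AFFECTED: Key = parse_version("19.2R2")[0]  # "does not affect ... prior to 19.2R2"
EVO_GLOBAL_FIX: Key = parse_version("20.1R2-S3-EVO")[0]  # "All versions prior to 20.1R2-S3-EVO"
EVO_203_FIX: Key = parse_version("20.3R1-S2-EVO")[0]     # "20.3 versions prior to 20.3R1-S2-EVO"


def _before_fix(key: Key, fix_keys: List[Key]) -> bool:
    """True while a release precedes every fix that applies to it.

    A release is fixed once it reaches the service release listed for its own
    R number, or once it is at or beyond the newest listed fix (later R trains
    inherit the fix).
    """
    if key >= max(fix_keys):
        return False
    return not any(key[2] == f[2] and key[3] >= f[3] for f in fix_keys)


def version_affected(text: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    key, evo = parse_version(text)
    branch = key[:2]
    if evo:
        if key < EVO_GLOBAL_FIX:
            return True
        return branch == (20, 3) and key < EVO_203_FIX
    if key < JUNOS_FIRST_AFFECTED:
        return False
    fixes = JUNOS_FIXES.get(branch)
    if fixes is None:
        return False  # branch not enumerated by the advisory
    return _before_fix(key, [parse_version(f)[0] for f in fixes])


def sensor_based_stats_enabled(config: str) -> bool:
    """True if an active (not commented, not inactive) statement carries sensor-based-stats."""
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("inactive:"):
            continue
        if re.search(r"\bsensor-based-stats\b", line):
            return True
    return False


def assess(version: str, config: str) -> str:
    """Combine both preconditions from the advisory into a single verdict."""
    if not version_affected(version):
        return "not affected: version outside the advisory's ranges"
    if not sensor_based_stats_enabled(config):
        return "version in range, but sensor-based-stats is not enabled"
    return "affected: upgrade to a fixed release"


# Constructed sample configuration (set-style), not taken from any real device.
SAMPLE_CONFIG = """\
set protocols mpls sensor-based-stats
set protocols ldp interface ge-0/0/0.0
"""

if __name__ == "__main__":
    for v in ["19.2R1", "19.2R2", "19.3R3", "20.2R2-S1", "20.1R2-S2-EVO"]:
        print(f"{v:16} {assess(v, SAMPLE_CONFIG)}")
```

The comparison key orders a base release before its service releases (`19.2R2` < `19.2R2-S1` < `19.2R3`), which is what makes "prior to 19.3R2-S6, 19.3R3-S2" expressible as a per-R-number check plus a ceiling at the newest fix. Branches the advisory does not name are reported as not affected; when a version string does not parse (for example an `X`/`D` style release), the function raises rather than guessing.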