Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2021-0280

Disclosure Date: July 14, 2021 •

CVE-2021-0280

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

juniper

Products

junos 17.4,
junos 18.2,
junos 18.3,
junos 18.4,
junos 19.1,
junos 19.2,
junos 19.3,
junos 19.4,
junos 20.1,
junos 20.2,
junos 20.3,
junos 20.4

References

Canonical

CVE-2021-0280 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0280)

Advisory

https://kb.juniper.net/JSA11184

Rapid7

Unknown

CVE-2021-0280

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-0280

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2021-0280

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2021-0280

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification