CVE-2021-0271

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://kb.juniper.net/JSA11162	Vendor Advisory
https://kb.juniper.net/JSA11162	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:12.3:-::::::
	cpe:2.3:o:juniper:junos:12.3:r1::::::
	cpe:2.3:o:juniper:junos:12.3:r10::::::
	cpe:2.3:o:juniper:junos:12.3:r10-s1::::::
	cpe:2.3:o:juniper:junos:12.3:r10-s2::::::
	cpe:2.3:o:juniper:junos:12.3:r11::::::
	cpe:2.3:o:juniper:junos:12.3:r12::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s1::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s10::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s11::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s12::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s13::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s14::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s15::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s16::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s3::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s4::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s6::::::
	cpe:2.3:o:juniper:junos:12.3:r12-s8::::::
	cpe:2.3:o:juniper:junos:15.1:-::::::
	cpe:2.3:o:juniper:junos:15.1:a1::::::
	cpe:2.3:o:juniper:junos:15.1:f::::::
	cpe:2.3:o:juniper:junos:15.1:f1::::::
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
	cpe:2.3:o:juniper:junos:15.1:f3::::::
	cpe:2.3:o:juniper:junos:15.1:f4::::::
	cpe:2.3:o:juniper:junos:15.1:f5::::::
	cpe:2.3:o:juniper:junos:15.1:f5-s7::::::
	cpe:2.3:o:juniper:junos:15.1:f6::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s1::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s10::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s12::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s2::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s3::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s4::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s5::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s6::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s7::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s8::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s9::::::
	cpe:2.3:o:juniper:junos:15.1:f7::::::
	cpe:2.3:o:juniper:junos:15.1:r::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:15.1:r4::::::
	cpe:2.3:o:juniper:junos:15.1:r4-s7::::::
	cpe:2.3:o:juniper:junos:15.1:r4-s8::::::
	cpe:2.3:o:juniper:junos:15.1:r4-s9::::::
	cpe:2.3:o:juniper:junos:15.1:r5::::::
	cpe:2.3:o:juniper:junos:15.1:r5-s1::::::
	cpe:2.3:o:juniper:junos:15.1:r5-s3::::::
	cpe:2.3:o:juniper:junos:15.1:r5-s5::::::
	cpe:2.3:o:juniper:junos:15.1:r5-s6::::::
	cpe:2.3:o:juniper:junos:15.1:r6::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s1::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s2::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s3::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s4::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s6::::::
cpe:2.3:o:juniper:junos:15.1:r7::::::
cpe:2.3:o:juniper:junos:15.1:r7-s1::::::
cpe:2.3:o:juniper:junos:15.1:r7-s2::::::
cpe:2.3:o:juniper:junos:15.1:r7-s3::::::
cpe:2.3:o:juniper:junos:15.1:r7-s4::::::
cpe:2.3:o:juniper:junos:15.1:r7-s5::::::
cpe:2.3:o:juniper:junos:15.1:r7-s6::::::
cpe:2.3:o:juniper:junos:15.1:r7-s7::::::

OR	cpe:2.3:h:juniper:ex2200-c:-:::::::*
	cpe:2.3:h:juniper:ex3200:-:::::::*
	cpe:2.3:h:juniper:ex3300:-:::::::*
	cpe:2.3:h:juniper:ex4200:-:::::::*
	cpe:2.3:h:juniper:ex4500:-:::::::*
	cpe:2.3:h:juniper:ex4550:-:::::::*
	cpe:2.3:h:juniper:ex6210:-:::::::*
	cpe:2.3:h:juniper:ex8208:-:::::::*
	cpe:2.3:h:juniper:ex8216:-:::::::*

History

21 Nov 2024, 05:42

Type	Values Removed	Values Added
References	~~() https://kb.juniper.net/JSA11162 - Vendor Advisory~~	() https://kb.juniper.net/JSA11162 - Vendor Advisory

Information

Published : 2021-04-22 20:15

Updated : 2024-11-21 05:42

NVD link : CVE-2021-0271

Mitre link : CVE-2021-0271

CVE.ORG link : CVE-2021-0271

JSON object : View

Products Affected

juniper

ex3300
ex3200
ex4550
ex2200-c
ex6210
ex8216
junos
ex4200
ex4500
ex8208

CWE

CWE-415

Double Free

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-0271

6.5^/10

3.3^/10

Attach tags to `CVE-2021-0271`