CVE-2021-0298

A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability.
References
Link Resource
https://kb.juniper.net/JSA11212 Vendor Advisory
https://kb.juniper.net/JSA11212 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos_os_evolved:18.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*
OR cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:42

Type Values Removed Values Added
References () https://kb.juniper.net/JSA11212 - Vendor Advisory () https://kb.juniper.net/JSA11212 - Vendor Advisory

Information

Published : 2021-10-19 19:15

Updated : 2024-11-21 05:42


NVD link : CVE-2021-0298

Mitre link : CVE-2021-0298

CVE.ORG link : CVE-2021-0298


JSON object : View

Products Affected

juniper

  • ptx10008
  • ptx10003
  • junos_os_evolved
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')