CVE-2021-0208

Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.

Description

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS: 15.1X49-D240, 17.3R3-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.3R3-S2, 18.4R1-S8, 18.4R2-S6, 18.4R3-S2, 19.1R1-S5, 19.1R3-S3, 19.2R3, 19.3R2-S5, 19.3R3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1, and all subsequent releases. Note: With the exception of SRX Series products using version 15.1X49-D240, all products using Junos OS prior to 17.3R3-S10 are affected and will not be fixed by Juniper Networks, Inc. Junos OS Evolved: 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S4-EVO, and all subsequent releases.

Workaround:

If bidirectional LSPs are running in the network, when changing family mpls maximum-labels on an interface, first disable RSVP for this interface. You can include the disable statement at the following hierarchy levels: [edit protocols rsvp interface interface-name ] [edit logical-systems logical-system-name protocols rsvp interface interface-name ] See the MPLS RSVP disable configuration guide for further details.

References

Link	Tags
https://kb.juniper.net/JSA11098	vendor advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/disable-edit-protocols-rsvp.html	vendor advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/corouted-bidirectional-edit-protocols-mpls.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-0208?: CVE-2021-0208 has been scored as a high severity vulnerability.
How to fix CVE-2021-0208?: To fix CVE-2021-0208: The following software releases have been updated to resolve this specific issue: Junos OS: 15.1X49-D240, 17.3R3-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.3R3-S2, 18.4R1-S8, 18.4R2-S6, 18.4R3-S2, 19.1R1-S5, 19.1R3-S3, 19.2R3, 19.3R2-S5, 19.3R3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1, and all subsequent releases. Note: With the exception of SRX Series products using version 15.1X49-D240, all products using Junos OS prior to 17.3R3-S10 are affected and will not be fixed by Juniper Networks, Inc. Junos OS Evolved: 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S4-EVO, and all subsequent releases.
Is CVE-2021-0208 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-0208 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-0208?: CVE-2021-0208 affects Juniper Networks Junos OS, Juniper Networks Junos OS, Juniper Networks Junos OS Evolved.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions