CVE-2021-0225

Junos OS Evolved: Stateless IP firewall filter does not work as expected

Description

An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases.

Workaround:

There are no viable workarounds for this issue.

References

Link	Tags
https://kb.juniper.net/JSA11120	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-0225?: CVE-2021-0225 has been scored as a medium severity vulnerability.
How to fix CVE-2021-0225?: To fix CVE-2021-0225: The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases.
Is CVE-2021-0225 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-0225 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-0225?: CVE-2021-0225 affects Juniper Networks Junos OS Evolved.

Description

Remediation

Category

CWE-754 – Improper Check for Unusual or Exceptional Conditions

References

Frequently Asked Questions