CVE-2021-0226

Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet

Description

On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S3-EVO, 20.1R2-S3-EVO, 20.2R2-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases.

Workaround:

There are no viable workarounds for this issue.

References

Link	Tags
https://kb.juniper.net/JSA11121	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-0226?: CVE-2021-0226 has been scored as a high severity vulnerability.
How to fix CVE-2021-0226?: To fix CVE-2021-0226: The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S3-EVO, 20.1R2-S3-EVO, 20.2R2-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases.
Is CVE-2021-0226 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-0226 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-0226?: CVE-2021-0226 affects Juniper Networks Junos OS Evolved.

Description

Remediation

Category

CWE-665 – Improper Initialization

References

Frequently Asked Questions