CVE-2021-0239

Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames.

Description

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases.

Workaround:

There are no viable workarounds for this issue.

References

Link	Tags
https://kb.juniper.net/JSA11134	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-0239?: CVE-2021-0239 has been scored as a medium severity vulnerability.
How to fix CVE-2021-0239?: To fix CVE-2021-0239: The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases.
Is CVE-2021-0239 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-0239 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-0239?: CVE-2021-0239 affects Juniper Networks Junos OS Evolved.

Description

Remediation

Category

CWE-754 – Improper Check for Unusual or Exceptional Conditions

References

Frequently Asked Questions