Juniper Junos OS DoS (JSA11168)

medium Nessus Plugin ID 149351

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by denial of service vulnerabilities as referenced in the JSA11168 advisory:

- On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of these specific packets will repeatedly crash the JDHCPD process and sustain the Denial of Service (DoS) condition. (CVE-2021-0241)

- On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. (CVE-2021-0240)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11168.

See Also

https://kb.juniper.net/JSA11168

Plugin Details

Severity: Medium

ID: 149351

File Name: juniper_jsa11168.nasl

Version: 1.7

Type: combined

Published: 5/7/2021

Updated: 7/27/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-0241

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/14/2021

Vulnerability Publication Date: 4/14/2021

Reference Information

CVE: CVE-2021-0240, CVE-2021-0241

IAVA: 2021-A-0215-S

JSA: JSA11168