variot - var-202104-0544

var-202104-0544

Vulnerability from variot

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0544",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "19.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "20.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "18.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "20.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "18.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "12.3x48"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "18.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "17.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "19.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "19.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "19.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "17.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "18.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "16.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "cve": "CVE-2021-0261",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-0261",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-372163",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "sirt@juniper.net",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-0261",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-0261",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2021-0261",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-1019",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-372163",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-0261",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company\u0027s hardware equipment. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-0261",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA11152",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-372163",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "id": "VAR-202104-0544",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:29:16.950000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Juniper Networks Junos OS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148043"
      },
      {
        "title": "CVE-2021-0261",
        "trust": 0.1,
        "url": "https://github.com/GoogleProjectZer0/CVE-2021-0261 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://kb.juniper.net/jsa11152"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0261"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/googleprojectzer0/cve-2021-0261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "date": "2021-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "date": "2021-04-22T20:15:09.703000",
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372163"
      },
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-0261"
      },
      {
        "date": "2021-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      },
      {
        "date": "2024-11-21T05:42:20.670000",
        "db": "NVD",
        "id": "CVE-2021-0261"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks Junos OS Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1019"
      }
    ],
    "trust": 0.6
  }
}

cve-2021-0261

Vulnerability from cvelistv5

Published

2021-04-22 19:37

Modified

2024-09-16 19:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://kb.juniper.net/JSA11152	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Juniper Networks

Junos OS

Version: 12.3 < 12.3R12-S17

	Juniper Networks	Junos OS	Version: 12.3X48 < 12.3X48-D105 Version: 15.1X49 < 15.1X49-D230
	Juniper Networks	Junos OS	Version: 15.1 < 15.1R7-S8 Version: 16.1 < 16.1R7-S8 Version: 17.4 < 17.4R2-S12, 17.4R3-S3 Version: 18.1 < 18.1R3-S11 Version: 18.2 < 18.2R3-S6 Version: 18.3 < 18.3R2-S4, 18.3R3-S3 Version: 18.4 < 18.4R2-S5, 18.4R3-S4 Version: 19.1 < 19.1R2-S2, 19.1R3-S2 Version: 19.2 < 19.2R1-S5, 19.2R3 Version: 19.3 < 19.3R2-S4, 19.3R3 Version: 19.4 < 19.4R1-S3, 19.4R2-S2, 19.4R3 Version: 20.1 < 20.1R1-S3, 20.1R2 Version: 20.2 < 20.2R1-S1, 20.2R2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3R12-S17",
              "status": "affected",
              "version": "12.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3X48-D105",
              "status": "affected",
              "version": "12.3X48",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D230",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S8",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S8",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S12, 17.4R3-S3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S11",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S6",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R2-S4, 18.3R3-S3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R2-S5, 18.4R3-S4",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R2-S2, 19.1R3-S2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S5, 19.2R3",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S4, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R1-S3, 20.1R2",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R1-S1, 20.2R2",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n  [system services web-management http]\n  [system services web-management https]\n  [services captive-portal secure-authentication]\n  [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n  [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n  [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
        }
      ],
      "datePublic": "2021-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:20",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11152"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11152",
        "defect": [
          "1513887"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0261",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3",
                            "version_value": "12.3R12-S17"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48-D105"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S8"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D230"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S12, 17.4R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R2-S4, 18.3R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2-S5, 18.4R3-S4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R2-S2, 19.1R3-S2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S5, 19.2R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S4, 19.3R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R1-S3, 20.1R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R1-S1, 20.2R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The following are examples of the config stanzas that use the web-service that are vulnerable to this issue:\n\n  [system services web-management http]\n  [system services web-management https]\n  [services captive-portal secure-authentication]\n  [security dynamic-vpn] in combination with clients using https://\u003csrx-ip\u003e/(dynamic-vpn) to establish the vpn\n  [access firewall-authentication web-authentication] in combination with [security policies ... then permit firewall-authentication web-authentication client-match ...]\n  [access firewall-authentication pass-through http] in combination with [security policies ... then permit firewall-authentication pass-through web-redirect]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11152",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11152"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S17, 12.3X48-D105, 15.1R7-S8, 15.1X49-D230, 16.1R7-S8, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11152",
          "defect": [
            "1513887"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue other than disabling the web-service:\n[deactivate system services web-management]\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts.\n\nThe \u0027restart web-management\u0027 command can be used to restart the web-service to recover from this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0261",
    "datePublished": "2021-04-22T19:37:20.160991Z",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-09-16T19:57:30.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted