| Summary | Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. |
|---|---|
| Publication Date | Oct. 17, 2020, 6:15 a.m. |
| Registration Date | Jan. 26, 2021, 11:54 a.m. |
| Last Update | Nov. 21, 2024, 2:11 p.m. |
| CVSS3.1 : MEDIUM | |
| スコア | 6.5 |
|---|---|
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 攻撃元区分(AV) | 隣接 |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 不要 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 高 |
| CVSS2.0 : LOW | |
| Score | 3.3 |
|---|---|
| Vector | AV:A/AC:L/Au:N/C:N/I:N/A:P |
| 攻撃元区分(AV) | 隣接 |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 低 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:* | |||||
| Title | Juniper Networks Junos OS Evolved における例外的な状態の処理に関する脆弱性 |
|---|---|
| Summary | Juniper Networks Junos OS Evolved には、例外的な状態の処理に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Oct. 14, 2020, midnight |
| Registration Date | April 26, 2021, 4:28 p.m. |
| Last Update | April 26, 2021, 4:28 p.m. |
| ジュニパーネットワークス |
| Junos OS Evolved 20.1R2-EVO 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2021年04月26日] 掲載 |
April 26, 2021, 4:28 p.m. |