In Juniper Networks Junos OS and Junos OS Evolved, a vulnerability allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Learn about the impact, affected versions, and mitigation steps.
In an MPLS P2MP environment, a vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to drive RPD to high CPU load. Because RPD runs the routing protocols, a saturated RPD can miss protocol timers and cause adjacencies and sessions to flap, which is the Denial of Service (DoS) condition. The issue affects multiple versions of Junos OS and Junos OS Evolved.
Understanding CVE-2021-31363
This CVE involves a vulnerability in Juniper Networks Junos OS and Junos OS Evolved in which a specific LDP FEC, received by a system that has sensor-based-stats enabled, drives the routing protocol daemon (RPD) into a loop and causes a Denial of Service (DoS).
What is CVE-2021-31363?
The vulnerability in Junos OS and Junos OS Evolved can be exploited by an unauthenticated, adjacent attacker (one on a directly connected network, not an arbitrary remote host) to cause a sustained Denial of Service (DoS). The trigger is a system with sensor-based-stats enabled receiving a particular LDP FEC; without that configuration the condition is not reached.
The Impact of CVE-2021-31363
The vulnerability causes high CPU load on RPD, which can lead to routing protocol flaps. Because the loop has no exit condition, the load does not subside on its own, so the result is a sustained Denial of Service (DoS) on affected systems rather than a one-off process restart.
Technical Details of CVE-2021-31363
The weakness is a Loop with Unreachable Exit Condition (CWE-835, an infinite loop) in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved. The CVSS v3.1 base score is 6.5 (Medium), which is the score CVSS v3.1 yields for an adjacent, unauthenticated, no-interaction attack whose only impact is on availability (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability Description
A system running LDP with sensor-based-stats enabled can be targeted by an adjacent attacker to tie up the routing protocol daemon, creating a DoS scenario. Systems without sensor-based-stats configured are not in the vulnerable configuration.
Affected Systems and Versions
Multiple versions of Junos OS and Junos OS Evolved are affected. This page names 19.2R2 through 20.3R2 for Junos OS, and versions prior to 20.3R1-S2-EVO for Junos OS Evolved. Juniper advisories list affected and fixed releases per release train (19.2, 19.3, 20.1 and so on), so a release that is numerically newer than a fixed release on another train is not necessarily fixed; check the vendor advisory for your exact train.
Exploitation Mechanism
An unauthenticated, adjacent attacker exploits the vulnerability by sending a specific LDP FEC to a system with sensor-based-stats enabled. RPD enters the loop while processing it and CPU utilization stays high, so a single message is enough to sustain the condition.
Mitigation and Prevention
To address CVE-2021-31363, upgrade Junos OS and Junos OS Evolved to the fixed release for your train. Because sensor-based-stats is a precondition, a system that does not need that telemetry can leave the feature unconfigured until the upgrade is applied; confirm the knob's hierarchy in the Junos documentation for your release before relying on this, and treat it as a stopgap rather than a fix.
Immediate Steps to Take
Update Junos OS to 19.2R3-S3 or later on the 19.2 train, and Junos OS Evolved to 20.1R2-S3-EVO or later on the 20.1 train, to mitigate the vulnerability. These are the releases this page names; the vendor advisory gives the first fixed release for every affected train.
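The affected and fixed releases above are easy to misread because a Junos fix lands on each release train separately: 19.3R1 is numerically newer than 19.2R3-S3 but does not carry the 19.2 fix. The following script is an added example (not Juniper code and not from the original advisory) that parses Junos and Junos OS Evolved version strings and classifies a version against the boundaries this page gives, comparing only within a train. The version grammar (major.minorR<release>[-S<service>][.<build>][-EVO]), the decision to treat each release named on this page as that train's first fixed release, and the function names `parse_version` and `assess` are assumptions of this example; the vendor advisory remains the authoritative per-train list.

```python
"""Classify a Junos / Junos OS Evolved version against the CVE-2021-31363
boundaries named on this page. Added example, not Juniper code; the version
grammar and the per-train fixed releases below are assumptions taken from
the page text, and the vendor advisory is authoritative."""
import re
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumed grammar: 19.2R3-S3, 20.4R3-S2.6, 21.1R1.11, 20.3R1-S2-EVO
_VER_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:-S(?P<service>\d+))?(?:\.(?P<build>\d+))?(?P<evo>-EVO)?$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class JunosVersion:
    major: int
    minor: int
    release: int
    service: int   # 0 when there is no -Sn service-release suffix
    build: int     # 0 when there is no .n build suffix
    evolved: bool  # True for Junos OS Evolved (-EVO)

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"

    @property
    def key(self) -> Tuple[int, int, int, int, int]:
        # Ordering within a train: R-number, then S-number, then build.
        return (self.major, self.minor, self.release, self.service, self.build)


def parse_version(text: str) -> JunosVersion:
    """Parse one version string; raises ValueError on anything else."""
    m = _VER_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    g = m.groupdict()
    return JunosVersion(int(g["major"]), int(g["minor"]), int(g["release"]),
                        int(g["service"] or 0), int(g["build"] or 0),
                        g["evo"] is not None)


# First fixed release per train, as named on this page (assumed per-train).
# Keyed by the 'evolved' flag so Junos OS and Evolved are never compared.
FIRST_FIXED: Dict[bool, Dict[str, JunosVersion]] = {
    False: {"19.2": parse_version("19.2R3-S3")},
    True: {"20.1": parse_version("20.1R2-S3-EVO"),
           "20.3": parse_version("20.3R1-S2-EVO")},
}
# Affected spans the page gives for trains with no fixed release named.
JUNOS_AFFECTED_LOW = parse_version("19.2R2")
JUNOS_AFFECTED_HIGH = parse_version("20.3R2")
EVO_AFFECTED_BEFORE = parse_version("20.3R1-S2-EVO")


def assess(text: str) -> str:
    """Return 'fixed', 'affected' or 'unknown' for one version string."""
    v = parse_version(text)
    fixed = FIRST_FIXED[v.evolved].get(v.train)
    if fixed is not None:
        # Same train only: a newer train does not inherit this train's fix.
        return "fixed" if v.key >= fixed.key else "affected"
    if v.evolved:
        return "affected" if v.key < EVO_AFFECTED_BEFORE.key else "unknown"
    if JUNOS_AFFECTED_LOW.key <= v.key <= JUNOS_AFFECTED_HIGH.key:
        return "affected"
    # Not named on this page: consult the vendor advisory for the train.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs, as an operator might read them from
    # 'show version' across a fleet.
    for s in ["19.2R2", "19.2R3-S3", "19.2R3-S2.5", "20.1R3", "20.4R1",
              "20.1R2-S2-EVO", "20.1R2-S3-EVO", "20.3R1-EVO", "21.1R1-EVO"]:
        print(f"{s:16} {assess(s)}")
```

Feed the script the output of `show version` from each device; anything reported as `unknown` sits on a train this page does not enumerate and needs a lookup in the vendor advisory rather than an assumption either way.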
Long-Term Security Practices
Track Juniper security advisories for the trains you run and keep Junos OS and Junos OS Evolved on supported, patched releases, so that RPD fixes of this kind are picked up as part of routine maintenance rather than during an outage.
Patching and Updates
Install the fixed release for your train on each affected system, confirm with `show version` that the device is running it, and verify that LDP and the other routing protocols reconverge cleanly after the upgrade.