CVE-2021-0206: Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured.
First published: Fri Jan 15 2021(Updated: )
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =18.3 | |
| Juniper JUNOS | =18.3-r1 | |
| Juniper JUNOS | =18.3-r1-s1 | |
| Juniper JUNOS | =18.3-r1-s2 | |
| Juniper JUNOS | =18.3-r1-s3 | |
| Juniper JUNOS | =18.3-r1-s5 | |
| Juniper JUNOS | =18.3-r1-s6 | |
| Juniper JUNOS | =18.3-r2 | |
| Juniper JUNOS | =18.3-r2-s1 | |
| Juniper JUNOS | =18.3-r2-s2 | |
| Juniper JUNOS | =18.3-r2-s3 | |
| Juniper JUNOS | =18.3-r2-s4 | |
| Juniper JUNOS | =18.3-r3 | |
| Juniper JUNOS | =18.3-r3-s1 | |
| Juniper JUNOS | =18.3-r3-s2 | |
| Juniper JUNOS | =18.3-r3-s3 | |
| Juniper JUNOS | =18.4 | |
| Juniper JUNOS | =18.4-r1 | |
| Juniper JUNOS | =18.4-r1-s1 | |
| Juniper JUNOS | =18.4-r1-s2 | |
| Juniper JUNOS | =18.4-r1-s5 | |
| Juniper JUNOS | =18.4-r1-s6 | |
| Juniper JUNOS | =18.4-r2 | |
| Juniper JUNOS | =18.4-r2-s1 | |
| Juniper JUNOS | =18.4-r2-s2 | |
| Juniper JUNOS | =18.4-r2-s3 | |
| Juniper JUNOS | =18.4-r2-s4 | |
| Juniper JUNOS | =18.4-r3 | |
| Juniper JUNOS | =19.1 | |
| Juniper JUNOS | =19.1-r1 | |
| Juniper JUNOS | =19.1-r1-s1 | |
| Juniper JUNOS | =19.1-r1-s2 | |
| Juniper JUNOS | =19.1-r1-s3 | |
| Juniper JUNOS | =19.1-r1-s4 | |
| Juniper JUNOS | =19.1-r1-s5 | |
| Juniper JUNOS | =19.1-r2 | |
| Juniper JUNOS | =19.1-r2-s1 | |
| Juniper JUNOS | =19.2 | |
| Juniper JUNOS | =19.2-r1 | |
| Juniper JUNOS | =19.2-r1-s1 | |
| Juniper JUNOS | =19.3 | |
| Juniper JUNOS | =19.3-r1 | |
| Juniper JUNOS | =19.3-r1-s1 | |
| Juniper Nfx150 | ||
| Juniper Nfx250 | ||
| Juniper Nfx350 | ||
| Juniper Srx1500 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx345 | ||
| Juniper Srx380 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx4600 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS: 18.3R3-S4, 18.4R3-S1, 19.1R1-S6, 19.1R2-S2, 19.1R3, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1 and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-0206?
CVE-2021-0206 is a NULL Pointer Dereference vulnerability in Juniper Networks Junos OS that allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS).
Which Juniper Networks Junos OS versions are affected by CVE-2021-0206?
Juniper Networks Junos OS versions 18.3 to 19.3 are affected by CVE-2021-0206.
What is the severity of CVE-2021-0206?
CVE-2021-0206 has a severity rating of 7.5 (High).
How can I fix CVE-2021-0206?
To fix CVE-2021-0206, it is recommended to upgrade Juniper Networks Junos OS to a non-vulnerable version as mentioned in the Juniper advisory.
Where can I find more information about CVE-2021-0206?
You can find more information about CVE-2021-0206 in the Juniper Networks security advisory: https://kb.juniper.net/JSA11096
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/18.3
- version/juniper junos/18.3-r1
- version/juniper junos/18.3-r1-s1
- version/juniper junos/18.3-r1-s2
- version/juniper junos/18.3-r1-s3
- version/juniper junos/18.3-r1-s5
- version/juniper junos/18.3-r1-s6
- version/juniper junos/18.3-r2
- version/juniper junos/18.3-r2-s1
- version/juniper junos/18.3-r2-s2
- version/juniper junos/18.3-r2-s3
- version/juniper junos/18.3-r2-s4
- version/juniper junos/18.3-r3
- version/juniper junos/18.3-r3-s1
- version/juniper junos/18.3-r3-s2
- version/juniper junos/18.3-r3-s3
- version/juniper junos/18.4
- version/juniper junos/18.4-r1
- version/juniper junos/18.4-r1-s1
- version/juniper junos/18.4-r1-s2
- version/juniper junos/18.4-r1-s5
- version/juniper junos/18.4-r1-s6
- version/juniper junos/18.4-r2
- version/juniper junos/18.4-r2-s1
- version/juniper junos/18.4-r2-s2
- version/juniper junos/18.4-r2-s3
- version/juniper junos/18.4-r2-s4
- version/juniper junos/18.4-r3
- version/juniper junos/19.1
- version/juniper junos/19.1-r1
- version/juniper junos/19.1-r1-s1
- version/juniper junos/19.1-r1-s2
- version/juniper junos/19.1-r1-s3
- version/juniper junos/19.1-r1-s4
- version/juniper junos/19.1-r1-s5
- version/juniper junos/19.1-r2
- version/juniper junos/19.1-r2-s1
- version/juniper junos/19.2
- version/juniper junos/19.2-r1
- version/juniper junos/19.2-r1-s1
- version/juniper junos/19.3
- version/juniper junos/19.3-r1
- version/juniper junos/19.3-r1-s1
- canonical/juniper nfx150
- canonical/juniper nfx250
- canonical/juniper nfx350
- canonical/juniper srx1500
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx345
- canonical/juniper srx380
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800