CVE-2021-0292

Опубликовано: 15 июл. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 5702564 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 5813156 351184 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mod

Ссылки

https://kb.juniper.net/JSA11194
Vendor Advisory
https://kb.juniper.net/JSA11194
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.1:r2-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.2:-:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-grjp-mm84-7748

github

больше 3 лет назад

An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 *5702564* 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 *5813156* 351184 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-...

BDU:2021-03954