CVE-2021-31365
Last modified
CVE-2021-31365 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | < 18.1 | — |
| Juniper | Junos | 18.1 | — |
| Juniper | Junos | 18.2 | — |
| Juniper | Junos | 18.3 | — |
| Juniper | Junos | 18.4 | — |
| Juniper | Junos | 19.1 | — |
| Juniper | Junos | 19.2 | — |
| Juniper | Junos | 19.3 | — |
| Juniper | Junos | 19.4 | R1 |
| Juniper | Junos | 20.1 | R1 |
| Juniper | Junos | 20.2 | R1 |
| Juniper | Junos | 20.3 | R1 |
| Juniper | Junos | < 15.1 | — |
| Juniper | Junos | 15.1 | — |
| Juniper | Junos | 16.1 | — |
| Juniper | Junos | 17.1 | — |
| Juniper | Junos | 17.2 | — |
| Juniper | Junos | 17.3 | — |
| Juniper | Junos | 17.4 | — |
| Juniper | Junos | < 18.3 | — |
| Juniper | Junos | 20.4 | R1 |
| Juniper | Junos | 21.1 | R1 |
References
- https://kb.juniper.net/JSA11227Vendor Advisory
- https://kb.juniper.net/JSA11227Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-31365?
How severe is CVE-2021-31365?
How do I fix CVE-2021-31365?
Are you affected by CVE-2021-31365?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST