NVD – CVE-2021-0229

ByPR 24



CVE-2021-0229
Detail

Description

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 16.1R1 and later versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.

Severity


CVSS 3.x Severity and Metrics:

References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to nvd@nist.gov.

Weakness Enumeration









CWE-ID CWE Name Source

CWE-400
Uncontrolled Resource Consumption





Contributor acceptance level


Juniper Networks, Inc.  

Change History

0 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-0229
NVD
Published Date:
04/22/2021
NVD
Last Modified:
04/22/2021

Source:
Juniper Networks, Inc.


Similar Posts

Amazon CEO Andy Jassy to join executives at White House cybersecurity meeting: Source

Amazon CEO Andy Jassy to join executives at White House cybersecurity meeting: Source

ByPR 24

Amazon Chief Executive Andy Jassy will join tech executives at a White House meeting with President Joe Biden on Wednesday (Aug 25) to discuss efforts by private companies to improve cybersecurity, a source familiar with the matter told Reuters. The source asked not to be identified as the information was not public. Apple CEO Tim…

Acer reportedly falls victim to $50M ransomware attack

Acer reportedly falls victim to $50M ransomware attack

ByPR 24

The Taiwanese computer manufacturer Acer has been reportedly hit with a ransomware attack, with hackers demanding $50 million from the company – one of the largest ransom demand to date. According to Bleeping Computer, the culprit behind the attack is believed to be the REvil ransomware gang. The group announced the breach on their leak…

John McAfee: antivirus entrepreneur found dead in Spanish prison | John McAfee

ByPR 24

The antivirus software entrepreneur John McAfee has been found dead in his cell in Spain from an apparent suicide, hours after the country’s highest court approved his extradition to the United States, where he was wanted on tax-related criminal charges that carry a prison sentence of up to 30 years. Catalonia’s regional police force, the…

CISA releases a new guide on mapping adversary behavior to the MITRE ATT&CK

CISA releases a new guide on mapping adversary behavior to the MITRE ATT&CK

ByPR 24

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has provided a new guidance called “Best Practices for MITRE ATT&CK Mapping”, which is designed to help network defenders to better understand adversary behavior. The main objective is to encourage a common language in threat actor analysis, showing threat intelligence analysts how to map attackers…

State-Sponsored Successor to “Project Signal” Ransomware Campaign Discovered

State-Sponsored Successor to “Project Signal” Ransomware Campaign Discovered

ByPR 24

Iranian state-sponsored attackers have been linked to a variety of cyberespionage activities aimed at organizations all over the world. Flashpoint security experts recently discovered another ransomware strain from Iran, that has been operating since July 2020. According to Flashpoint, Iran’s Islamic Revolutionary Guard Corps (IRGC) was running a ransomware campaign through Emen Net Pasargard, an Iranian…