NVD – CVE-2021-0229

ByPR 24



CVE-2021-0229
Detail

Description

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 16.1R1 and later versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.

Severity


CVSS 3.x Severity and Metrics:

References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to nvd@nist.gov.

Weakness Enumeration









CWE-ID CWE Name Source

CWE-400
Uncontrolled Resource Consumption





Contributor acceptance level


Juniper Networks, Inc.  

Change History

0 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-0229
NVD
Published Date:
04/22/2021
NVD
Last Modified:
04/22/2021

Source:
Juniper Networks, Inc.


Similar Posts

Supply-chain attack on Kaseya remote management software targets MSPs

Supply-chain attack on Kaseya remote management software targets MSPs

ByPR 24

Over 1,000 businesses from around the world have reportedly been impacted in a supply-chain attack where hackers exploited a vulnerability in a remote computer management tool called Kaseya VSA to deploy the REvil ransomware. Kaseya shut down its cloud-based service and urged all users with on-premises deployments, which includes many managed services providers (MSPs), to…

Attack Taking Big Bite Out of Revenue

Attack Taking Big Bite Out of Revenue

ByPR 24

Breach Notification , Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime SEC Filing Predicts $10 Million to $15 Million Impact Marianne Kolbasuk McGee (HealthInfoSec) • May 5, 2021     SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million…

SonicWall warns customers to patch 3 zero-days exploited in the wild

SonicWall warns customers to patch 3 zero-days exploited in the wild

ByPR 24

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. “In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild,’” SonicWall said in a security advisory published earlier today. The company said it’s “imperative” that organizations using…