Vulnerability Details : CVE-2021-0225
An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
Products affected by CVE-2021-0225
- cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.2:r1-s1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_os_evolved:20.3:r1-s1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-0225
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-0225
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.8
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
3.9
|
1.4
|
NIST | |
5.8
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
3.9
|
1.4
|
Juniper Networks, Inc. |
CWE ids for CVE-2021-0225
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by:
- nvd@nist.gov (Primary)
- sirt@juniper.net (Secondary)
References for CVE-2021-0225
-
https://kb.juniper.net/JSA11120
2021-04 Security Bulletin: Junos OS Evolved: Stateless IP firewall filter does not work as expected (CVE-2021-0225) - Juniper NetworksVendor Advisory
Jump to