On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.
Published 2021-04-22 20:15:08
Updated 2021-10-07 17:12:04
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2021-0226

Exploit prediction scoring system (EPSS) score for CVE-2021-0226

0.10%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-0226

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
NIST
7.1
HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
2.8
4.2
Juniper Networks, Inc.

CWE ids for CVE-2021-0226

  • The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
    Assigned by:
    • nvd@nist.gov (Primary)
    • sirt@juniper.net (Secondary)

References for CVE-2021-0226

  • https://kb.juniper.net/JSA11121
    2021-04 Security Bulletin: Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet - Juniper Networks
    Vendor Advisory
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!