Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, as CPU bound packets will be throttled and dropped in the PFE when the limits are exceeded. To check if the device has this issue, the administrator can execute the following command to monitor the status of DDoS protection: user@device> show ddos-protection protocols error: the ddos-protection subsystem is not running This issue affects only QFX5100-96S devices. No other products or platforms are affected by this issue. This issue affects: Juniper Networks Junos OS on QFX5100-96S: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R3, 19.1R3-S4; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2;
Published 2021-04-22 20:15:09
Updated 2021-04-27 15:05:19
View at NVD,   CVE.org
Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2021-0234

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-0234

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST
5.8
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.9
1.4
Juniper Networks, Inc.

CWE ids for CVE-2021-0234

  • The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
    Assigned by:
    • nvd@nist.gov (Primary)
    • sirt@juniper.net (Secondary)

References for CVE-2021-0234

  • https://kb.juniper.net/JSA11129
    2021-04 Security Bulletin: Junos OS: QFX5100-96S: DDoS protection does not work as expected. (CVE-2021-0234) - Juniper Networks
    Vendor Advisory

Products affected by CVE-2021-0234

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!