CVE-2021-0225

Junos OS Evolved: Stateless IP firewall filter does not work as expected

CVSS 5.8 MEDIUMEPSS 0.7%CWE-754

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected products

Juniper Networks · Junos OS Evolved

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.juniper.net/JSA11120