Description

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.

Related CPE's

o

juniper

junos

72

h

juniper

ex2200-c

-

h

juniper

ex3200

-

h

juniper

ex3300

-

h

juniper

ex4200

-

h

juniper

ex4500

-

h

juniper

ex4550

-

h

juniper

ex6210

-

h

juniper

ex8208

-

h

juniper

ex8216

-

References

https://kb.juniper.net/JSA11162

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-415

[email protected]

Secondary
CWE-415

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-22T20:15:10.053

4 years ago

Last modified

2021-07-23T19:11:26.507

3 years ago