

Rewterz Threat Advisory – Cisco Small Business RV Series Routers Multiple Vulnerabilities
April 16, 2021
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
April 16, 2021
Severity
Medium
Analysis Summary
CVE-2021-0272
Juniper Networks Junos OS is vulnerable to a denial of service, caused by a kernel memory leak flaw. An attacker can exploit this vulnerability to cause denial-of-service conditions by sending specially crafted packets to the system.
CVE-2021-0271
Juniper Networks Junos OS is vulnerable to a denial of service, caused by a double-free flaw in the software forwarding interface daemon (sfid) process. A remote attacker can exploit this vulnerability by sending specially crafted ARP packets to the system, causing the sfid process to crash and resulting in a denial-of-service condition.
CVE-2021-0269
Juniper Networks Junos OS could allow a remote attacker to bypass security restrictions, caused by improper handling of client-side parameters in the J-Web component. An attacker can exploit this vulnerability to bypass input validation mechanisms, modify J-Web's normal behavior, and bypass web application firewall rules.
CVE-2021-0268
Juniper Networks Junos OS is vulnerable to HTTP response splitting attacks. By injecting arbitrary HTTP headers, a remote attacker can exploit the vulnerability and cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as cross-site scripting and web cache poisoning, and possibly to obtain sensitive information.
CVE-2021-0267
Juniper Networks Junos OS is vulnerable to a denial of service, caused by improper input validation in the active-lease query portion of JDHCPD's DHCP Relay Agent. A remote attacker can exploit the vulnerability by sending a specially crafted DHCP packet, causing the jdhcpd DHCP service to crash and resulting in a denial-of-service condition.
Impact
- Denial-of-Service
- Bypass Security
- HTTP response splitting
Affected Vendors
Juniper
Affected Products
- Juniper Networks Junos OS 17.3
- Juniper Networks Junos OS 16.1
- Juniper Networks Junos OS 18.1
- Juniper Networks Junos OS 18.2
- Juniper Networks Junos OS 18.4
- Juniper Networks Junos OS 12.3
- Juniper Networks EX2200-C Series
- Juniper Networks EX3200 Series
- Juniper Networks Junos OS 20.1
Remediation
Refer to the Juniper Networks Security website for more information about the affected products and mitigation techniques. https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11160&cat=SIRT_1&actp=LIST