
Rewterz Threat Advisory – Junos OS Remote Code Execution Vulnerability

Severity

High

Analysis Summary

CVE-2021-0254

An unauthenticated remote attacker may be able to send specially crafted packets to a Junos OS device, triggering a partial Denial of Service (DoS) condition or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The affected service runs as root by default and listens for UDP connections on port 4789. The issue results from improper buffer size validation, which can lead to a buffer overflow.

Impact

  • Denial of service
  • Remote code execution

Affected Vendors

Juniper

Affected Products

  • Junos OS 15.1X49
  • Juniper Junos OS 17.3
  • Juniper Junos OS 17.4
  • Juniper Junos OS 18.1
  • Juniper Junos OS 18.2
  • Juniper Junos OS 18.4
  • Juniper Junos OS 19.1
  • Juniper Junos OS 19.2
  • Juniper Junos OS 19.3
  • Juniper Junos OS 19.4
  • Juniper Junos OS 20.1
  • Juniper Junos OS 20.2
  • Juniper Junos OS 20.3

Remediation

Refer to the Juniper advisory for the complete list of affected products and their respective patches.

https://support.juniper.net/support/downloads/
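
An added example, not part of the Rewterz advisory or Juniper's guidance: a flow-record triage for the UDP port 4789 listener described in the analysis summary, reporting senders that reach watched Junos devices from outside the networks expected to talk to that port. The device addresses, expected-peer networks, CSV column layout and sample records are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Port and protocol from the advisory: the vulnerable service listens on UDP 4789.
VULN_PORT = 4789
VULN_PROTO = "udp"

# Assumption: addresses of the Junos devices being watched (constructed values).
JUNOS_DEVICES = {"10.20.0.1", "10.20.0.2"}
# Assumption: networks expected to send UDP/4789 to those devices (constructed).
EXPECTED_PEERS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flow export; the column layout is hypothetical.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,packets
2021-04-22T10:00:01Z,10.20.0.7,10.20.0.1,udp,4789,120
2021-04-22T10:00:03Z,198.51.100.23,10.20.0.1,udp,4789,4
2021-04-22T10:00:04Z,198.51.100.23,10.20.0.2,udp,4789,9
2021-04-22T10:00:05Z,203.0.113.9,10.20.0.2,tcp,4789,1
2021-04-22T10:00:06Z,203.0.113.9,10.20.0.2,udp,4789,notanumber
2021-04-22T10:00:07Z,192.0.2.50,10.20.0.9,udp,4789,3
"""

def is_expected(src):
    """True when the source address falls inside an expected peer network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in EXPECTED_PEERS)

def unexpected_senders(flow_csv):
    """Return {source_ip: packet_count} for UDP/4789 flows that reach a
    watched Junos device from outside the expected peer networks."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            if row["proto"].lower() != VULN_PROTO or int(row["dport"]) != VULN_PORT:
                continue
            if row["dst"] not in JUNOS_DEVICES or is_expected(row["src"]):
                continue
            hits[row["src"]] += int(row["packets"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # skip malformed records rather than abort the scan
    return dict(hits)

if __name__ == "__main__":
    for src, pkts in sorted(unexpected_senders(SAMPLE_FLOWS).items()):
        print(f"unexpected UDP/{VULN_PORT} sender {src}: {pkts} packets")
```

Any source it reports is a candidate for review against the device's access policy while the vendor patches are being applied.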
