CVE-2021-0267

Description

An Improper Input Validation vulnerability in the active-lease query portion in JDHCPDs DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.056

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2020-1645,CVE-2021-0258,CVE-2021-0267,CVE-2021-0268 are fixed in junos 19.4R1-S3	NCM
Vulnerabilities CVE-2020-1648,CVE-2021-0267,CVE-2021-0268 are fixed in junos 20.1R1-S2	NCM
Improper Input Validation Vulnerability (CVE-2021-0267)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1704488	Security Update for junos 9.2r1
PATCH-1704488	Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234