Learn about CVE-2021-0295 impacting Juniper Networks Junos OS on QFX10K Series switches. Find details of the vulnerability, affected versions, and steps to mitigate the Denial of Service (DoS) issue.
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS).
Understanding CVE-2021-0295
This vulnerability affects Juniper Networks Junos OS on QFX10K Series switches, impacting various versions of the software.
What is CVE-2021-0295?
The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured, resulting in a DoS condition on the affected devices.
The Impact of CVE-2021-0295
Exploitation of this vulnerability could lead to a partial Denial of Service (DoS) on the QFX10K Series switches, affecting their normal operation.
Technical Details of CVE-2021-0295
This section provides detailed technical information about the vulnerability.
Vulnerability Description
DVMRP packets received on a multi-homed ESI are incorrectly forwarded out the same ESI when VXLAN is configured, violating the split horizon rule.
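The split horizon violation described above can be checked for in a capture. The following is an added example, not code from Juniper Networks or from the original page: it flags any DVMRP message (IGMP type 0x13) that is seen leaving on the same ESI it arrived from. The record format `(timestamp, esi, direction, ip_packet)`, the ESI labels, the time window, and the sample packets are assumptions constructed for illustration.

```python
import hashlib
import socket
import struct

IPPROTO_IGMP = 2
IGMP_TYPE_DVMRP = 0x13  # DVMRP messages travel inside IGMP with type 0x13

def dvmrp_fingerprint(ip_packet: bytes):
    """Return a digest identifying the DVMRP message in an IPv4 packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != IPPROTO_IGMP or len(ip_packet) < ihl + 8:
        return None
    igmp = ip_packet[ihl:]
    if igmp[0] != IGMP_TYPE_DVMRP:
        return None
    # Hash source address + IGMP payload only; TTL and header checksum may differ per copy.
    return hashlib.sha256(ip_packet[12:16] + igmp).hexdigest()

def find_split_horizon_violations(records, window=1.0):
    """records: (timestamp, esi, direction, ip_packet); 'rx' = from the ESI, 'tx' = out to it."""
    seen_rx, findings = {}, []
    for ts, esi, direction, pkt in sorted(records, key=lambda r: r[0]):
        fp = dvmrp_fingerprint(pkt)
        if fp is None:
            continue
        if direction == "rx":
            seen_rx[(esi, fp)] = ts
        elif (esi, fp) in seen_rx and ts - seen_rx[(esi, fp)] <= window:
            findings.append((esi, ts, fp))  # same DVMRP packet sent back out its ingress ESI
    return findings

def sample_packet(igmp_type, src="192.0.2.10", ttl=1):
    """Build a constructed IPv4/IGMP packet (checksums left at zero; not validated here)."""
    igmp = bytes([igmp_type, 0x01, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x03])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(igmp), 0, 0, ttl,
                         IPPROTO_IGMP, 0, socket.inet_aton(src), socket.inet_aton("224.0.0.4"))
    return header + igmp

SAMPLE_RECORDS = [  # constructed capture: labels, timestamps and packets are illustrative
    (0.000, "esi-A", "rx", sample_packet(0x13)),  # DVMRP arrives from esi-A
    (0.002, "esi-A", "tx", sample_packet(0x13)),  # ...and is sent back out esi-A: violation
    (0.003, "esi-B", "tx", sample_packet(0x13)),  # forwarding to another segment is expected
    (0.010, "esi-A", "rx", sample_packet(0x11)),  # non-DVMRP IGMP is ignored
    (0.011, "esi-A", "tx", sample_packet(0x11)),
]

if __name__ == "__main__":
    print(find_split_horizon_violations(SAMPLE_RECORDS))
```

On the constructed capture, only the esi-A record at 0.002 s is reported; the copy sent to esi-B and the non-DVMRP IGMP traffic are not.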
Affected Systems and Versions
The vulnerability affects Juniper Networks Junos OS on QFX10K Series switches, including versions 17.3 to 20.4.
Exploitation Mechanism
The vulnerability can be exploited by sending DVMRP packets on a multi-homed ESI, triggering a packet forwarding loop on the affected devices.
Mitigation and Prevention
To address CVE-2021-0295, follow the mitigation and prevention measures below.
Immediate Steps to Take
Update Junos OS to one of the fixed versions listed in the solution provided by Juniper Networks.
Long-Term Security Practices
Regularly update and patch Junos OS to prevent security vulnerabilities, and follow security best practices.
Patching and Updates
Install the necessary patches and updates provided by Juniper Networks to mitigate the vulnerability.