CVE-2021-31374 : Exploit Details and Defense Strategies
Discover the impact of CVE-2021-31374 affecting Juniper Networks Junos OS and Junos OS Evolved. Learn about the vulnerability, its technical details, and mitigation steps to secure your network.
On October 13, 2021, Juniper Networks reported a vulnerability affecting Junos OS and Junos OS Evolved. The vulnerability involves a routing process daemon (RPD) crash and restart on devices processing a specially crafted BGP UPDATE or KEEPALIVE message, leading to a Denial of Service (DoS) condition. This impacts both IBGP and EBGP deployments over IPv4 or IPv6 networks.
Understanding CVE-2021-31374
This section delves into the details of the CVE-2021-31374 vulnerability.
What is CVE-2021-31374?
The CVE-2021-31374 vulnerability occurs in Juniper Networks Junos OS and Junos OS Evolved due to the processing of malicious BGP UPDATE or KEEPALIVE messages, resulting in an RPD crash and subsequent restart, leading to a DoS condition.
The Impact of CVE-2021-31374
The vulnerability has a high severity impact, with a CVSS base score of 7.5. It can disrupt the availability of affected devices, potentially causing a sustained DoS condition.
Technical Details of CVE-2021-31374
This section provides technical insights into the CVE-2021-31374 vulnerability.
Vulnerability Description
The vulnerability arises from the processing of specially crafted BGP messages, triggering RPD crashes and subsequent restarts.
Affected Systems and Versions
Devices running Juniper Networks Junos OS versions prior to 20.3R2-EVO are affected by this vulnerability.
Exploitation Mechanism
The exploit involves sending specific BGP UPDATE or KEEPALIVE messages to vulnerable devices, causing RPD crashes.
Mitigation and Prevention
To address the CVE-2021-31374 vulnerability, Juniper Networks has provided the following solutions:
Immediate Steps to Take
Apply the relevant software updates released by Juniper Networks to mitigate the vulnerability.
Long-Term Security Practices
Regularly update Junos OS and Junos OS Evolved to the latest versions to ensure protection against known vulnerabilities.
Patching and Updates
Update to the following software releases to resolve the issue:
- Junos OS: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.
- Junos OS Evolved: 20.3R2-EVO and all subsequent releases.