CVE-2021-0276

Published: Jul 15, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: sirt@juniper.net (Secondary)

Description

A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4.

Affected (5)

Products: Juniper: Steel Belted Radius Carrier

Juniper

1 product

Steel Belted Radius Carrier

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Juniper Steel Belted Radius Carrier	Version 8.4.1
Juniper Steel Belted Radius Carrier	Version 8.4.1 r13
Juniper Steel Belted Radius Carrier	Version 8.5.0
Juniper Steel Belted Radius Carrier	Version 8.5.0 r4
Juniper Steel Belted Radius Carrier	Version 8.6.0

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://kb.juniper.net/JSA11180

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11180

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.