Critical Remote Code Execution Vulnerability — Juniper OS

Home/Security Update, Software Issues/Critical Remote Code Execution Vulnerability — Juniper OS

Critical Remote Code Execution Vulnerability — Juniper OS

During external security research a CRITICAL remote code execution vulnerability discovered in overlayd service.

CVE-2021-0254 — JUNOS

Description

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering:

  • a partial Denial of Service (DoS) condition
  • or leading to remote code execution (RCE).

However, Continued receipt and processing of these packets will sustain the partial DoS.

The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789.

In addition, this issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution.

Notably, overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured.

However, it was

Product Affected

This issue affects Junos OS 15.1X49, 15.1, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1, 20.2, 20.3.

In addition, there is no minimum configuration required to be vulnerable to this issue.

On the other hand, Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Security Recommendation

Two methods exist to mitigate this issue:

  1. Limit the exploitable attack surface of critical infrastructure networking equipment by using access lists or firewall filters to limit access to the device via UDP only from trusted, administrative networks or hosts.
     
  2. Disable Overlay OAM packet via the configuration command: set system processes overlay-ping-traceroute disable

The following software releases updated to resolve this specific issue:

Junos OS 15.1X49-D240, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.4R1, and all subsequent releases.

In short, Software releases or updates are available for download at https://support.juniper.net/support/downloads/

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2021-04-17T21:05:10+05:30 April 17th, 2021|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!