Juniper Junos OS Vulnerability (JSA11195)

high Nessus Plugin ID 151633

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11195 advisory.

- A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system.
Repeated execution will cause more memory to leak, eventually causing daemons that need to allocate additional memory, and ultimately the kernel, to crash, which will result in traffic loss. (CVE-2021-0293)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11195.

See Also

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0293

https://kb.juniper.net/JSA11195

Plugin Details

Severity: High

ID: 151633

File Name: juniper_jsa11195.nasl

Version: 1.4

Type: combined

Published: 7/14/2021

Updated: 1/26/2022

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-0293

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2021

Vulnerability Publication Date: 7/14/2021

Reference Information

IAVA: 2021-A-0324-S

JSA: JSA11195