CVE-2021-0299
📋 TL;DR
A vulnerability in Juniper Junos OS allows remote attackers to cause a denial of service by sending specially crafted IPv6 packets. When processed, these packets trigger a kernel crash that forces the device to reboot, creating a sustained DoS condition. Only systems with IPv6 configured running affected Junos OS versions are vulnerable.
💻 Affected Systems
- Juniper Networks Junos OS
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →⚠️ Risk & Real-World Impact
Worst Case
Sustained denial of service causing repeated device reboots, network outages, and potential cascading failures in critical infrastructure.
Likely Case
Intermittent device crashes and reboots leading to network instability and service disruption.
If Mitigated
Minimal impact with proper network segmentation, IPv6 filtering, and updated systems.
🎯 Exploit Status
Exploitation requires sending malformed IPv6 packets to vulnerable devices. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.4R3, 20.1R2, 20.2R1-S1, or 20.2R2
Vendor Advisory: https://kb.juniper.net/JSA11213
Restart Required: Yes
Instructions:
1. Check current Junos OS version. 2. Download appropriate fixed version from Juniper support. 3. Install update following Juniper upgrade procedures. 4. Reboot device to apply changes.
🔧 Temporary Workarounds
Disable IPv6
allTemporarily disable IPv6 functionality to prevent exploitation
set system no-ipv6-routing
commit
Filter IPv6 Traffic
allImplement firewall rules to block or limit IPv6 traffic to vulnerable devices
set firewall family inet6 filter BLOCK-IPV6 term 1 then discard
commit
🧯 If You Can't Patch
- Implement strict IPv6 traffic filtering at network perimeter
- Segment vulnerable devices and limit IPv6 exposure
🔍 How to Verify
Check if Vulnerable:
Check Junos OS version and IPv6 configuration: show version | match Junos, show configuration system | match ipv6Check Version:
show version | match JunosVerify Fix Applied:
Verify Junos OS version is patched: show version | match Junos, confirm version is 19.4R3, 20.1R2, 20.2R1-S1, or 20.2R2📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Unexpected system reboots
- IPv6 packet processing errors
Network Indicators:
- Unusual IPv6 traffic patterns
- Malformed IPv6 packets
- Device unreachability
SIEM Query:
source="juniper-firewall" AND ("kernel panic" OR "system reboot" OR "IPv6 error")