CVE-2021-31353

7.5 HIGH

📋 TL;DR

This CVE describes an Improper Handling of Exceptional Conditions vulnerability in Juniper Junos OS and Junos OS Evolved. An attacker can send a specially crafted BGP update to cause the routing protocol daemon (RPD) to crash and restart, creating a denial of service condition. Affected systems include specific versions of Juniper Junos OS and Junos OS Evolved as detailed in the advisory.

💻 Affected Systems

Products:
  • Juniper Junos OS
  • Juniper Junos OS Evolved
Versions:
  • Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2
  • Junos OS Evolved: all versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO
Operating Systems: Junos OS, Junos OS Evolved
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems running BGP. Junos OS 20.1 is not affected.

📦 What is this software?

Junos by Juniper

Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...

Learn more about Junos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained denial of service affecting network routing, potentially causing widespread network outages and service disruption.

🟠

Likely Case

Intermittent RPD crashes leading to routing instability and temporary network connectivity issues.

🟢

If Mitigated

Limited impact with proper network segmentation and BGP filtering controls in place.

🌐 Internet-Facing: HIGH - BGP peers can be internet-facing, allowing remote attackers to exploit this vulnerability.
🏢 Internal Only: MEDIUM - Internal BGP peers could also exploit this, though typically with more limited access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires BGP peer access but no authentication. The specific BGP update pattern needed is not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Junos OS: 19.3R3-S3, 19.4R3-S4, 20.2R3-S2, 20.3R3, 20.4R3, 21.1R2. Junos OS Evolved: 20.4R2-S3-EVO, 20.4R3-EVO, 21.1R2-EVO, 21.2R2-EVO.

Vendor Advisory: https://kb.juniper.net/JSA11218

Restart Required: Yes

Instructions:

1. Check the current version with 'show version'.
2. Download the appropriate patch from Juniper support.
3. Apply the patch following Juniper upgrade procedures.
4. Reboot the device to complete installation.

🔧 Temporary Workarounds

BGP Route Filtering

Implement BGP route filtering to block potentially malicious BGP updates from untrusted peers. The import policy below rejects routes tagged with a community named MALICIOUS; that community must be defined under policy-options before the configuration will commit.

set policy-options policy-statement FILTER-IN term BLOCK-MALICIOUS from community MALICIOUS
set policy-options policy-statement FILTER-IN term BLOCK-MALICIOUS then reject
set protocols bgp group EXTERNAL import FILTER-IN

BGP Peer Authentication

Enable MD5 authentication for BGP sessions to prevent unauthorized BGP updates.

set protocols bgp group EXTERNAL authentication-key "your-secret-key"

🧯 If You Can't Patch

  • Implement strict BGP route filtering and peer authentication
  • Segment BGP peers and limit exposure to untrusted networks

🔍 How to Verify

Check if Vulnerable:

Run 'show version' and compare with affected version list. Check if BGP is configured with 'show configuration protocols bgp'.

Check Version:

show version

Verify Fix Applied:

After patching, verify that the version reported by 'show version' matches one of the patched versions. Monitor RPD stability with 'show system processes extensive'.
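
As an added illustration of the version check above (not part of the advisory or any Juniper tooling), the following Python encodes the affected ranges listed on this page and tests a version string such as the one on the 'Junos:' line of 'show version'. It assumes the version grammar MAJOR.MINOR R<n>[-S<n>][.build][-EVO] and ignores the trailing build number.

```python
import re
from typing import Tuple

# Version as a comparable tuple: (major, minor, release R, service release S).
Ver = Tuple[int, int, int, int]

# Matches '20.2R2-S3', '20.4R2-S2.2' (trailing build number) and '21.1R1.10-EVO'.
# Assumption: the build number after the release is irrelevant to the ranges.
_VER_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")


def parse_junos_version(text: str) -> Tuple[Ver, bool]:
    """Return ((major, minor, R, S), is_evolved) for a Junos version string."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0)), evo is not None


def _v(text: str) -> Ver:
    return parse_junos_version(text)[0]


# Affected Junos OS ranges per release train as [lower, upper), taken from the
# version list on this page; a train with no entry (e.g. 20.1) is not affected.
JUNOS_AFFECTED = {
    (19, 3): (_v("19.3R3-S2"), _v("19.3R3-S3")),
    (19, 4): (_v("19.4R3-S3"), _v("19.4R3-S4")),
    (20, 2): (_v("20.2R2-S3"), _v("20.2R3-S2")),
    (20, 3): (_v("20.3R2"), _v("20.3R3")),
    (20, 4): (_v("20.4R2"), _v("20.4R3")),
    (21, 1): ((21, 1, 0, 0), _v("21.1R2")),  # everything prior to 21.1R2
}


def is_vulnerable(version: str) -> bool:
    """True if the version lies in an affected range listed for CVE-2021-31353."""
    v, evo = parse_junos_version(version)
    if evo:  # Evolved: all versions before 20.4R2-S3-EVO, plus 21.1/21.2 before R2
        if v < _v("20.4R2-S3"):
            return True
        return v[:2] in ((21, 1), (21, 2)) and v < (v[0], v[1], 2, 0)
    rng = JUNOS_AFFECTED.get(v[:2])
    return rng is not None and rng[0] <= v < rng[1]


def version_from_show_version(output: str) -> str:
    """Pull the version token from the 'Junos:' line of 'show version' output."""
    for line in output.splitlines():
        if line.strip().startswith("Junos:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Junos:' line in output")
```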

📡 Detection & Monitoring

Log Indicators:

  • RPD crash messages in system logs
  • BGP session flaps
  • High CPU/memory usage by RPD process

Network Indicators:

  • Unusual BGP update patterns
  • Increased BGP session resets
  • Routing table instability

SIEM Query:

source="junos" AND (("RPD" AND "crash") OR ("bgp" AND "session" AND "down"))
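
As an added example (not from the original page), this Python applies the crash and session-flap indicators above to constructed syslog lines modelled on Junos message formats, pairing each RPD termination with the BGP sessions on the same host that left Established within a short window. A flap with no nearby crash is treated as ordinary churn.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample syslog lines modelled on Junos message formats; not from a real device.
SAMPLE_LOG = """\
Sep  3 10:14:02 edge1 rpd[2214]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 192.0.2.10 (External AS 64500) changed state from OpenConfirm to Established (event RecvKeepAlive)
Sep  3 10:41:17 edge1 init: routing (PID 2214) terminated by signal number 11!
Sep  3 10:41:18 edge1 init: routing (PID 2301) started
Sep  3 10:41:20 edge1 rpd[2301]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 192.0.2.10 (External AS 64500) changed state from Established to Idle (event Stop)
Sep  3 10:41:20 edge1 rpd[2301]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 198.51.100.7 (Internal AS 65001) changed state from Established to Idle (event Stop)
Sep  3 11:05:44 edge2 rpd[1410]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 203.0.113.9 (External AS 64496) changed state from Established to Idle (event HoldTime)
"""

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
CRASH_RE = re.compile(r"init: routing \(PID (\d+)\) terminated by signal number (\d+)")
FLAP_RE = re.compile(r"RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer (\S+) .* changed state from Established to (\w+)")


def _ts(text: str) -> datetime:
    # Syslog timestamps carry no year; only time deltas matter here.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S")


def correlate_rpd_crashes(log: str, window_s: int = 120) -> List[Dict]:
    """Return one alert per RPD crash, listing BGP peers on the same host whose
    session left Established within +/- window_s seconds of the crash."""
    crashes, flaps = [], []
    for line in log.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, host, msg = _ts(m.group(1)), m.group(2), m.group(3)
        if (c := CRASH_RE.search(msg)):
            crashes.append((ts, host, int(c.group(1)), int(c.group(2))))
        elif (f := FLAP_RE.search(msg)):
            flaps.append((ts, host, f.group(1), f.group(2)))
    alerts = []
    for ts, host, pid, sig in crashes:
        peers = sorted({p for t, h, p, _ in flaps
                        if h == host and abs((t - ts).total_seconds()) <= window_s})
        alerts.append({"host": host, "pid": pid, "signal": sig,
                       "time": ts.strftime("%b %d %H:%M:%S"), "peers_flapped": peers})
    return alerts


if __name__ == "__main__":
    for alert in correlate_rpd_crashes(SAMPLE_LOG):
        print(alert)
```

Repeated alerts for the same host within minutes are the "sustained denial of service" case from the risk section; the peer list narrows which sessions to inspect or filter first.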
