How severe is CVE-2021-0209?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-0209?

This is classified as CWE-824, which is a common weakness in software security.

CVE-2021-0209 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Related Vulnerabilities

CVE-2018-9948

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that...

CWE-8242018

CVE-2019-11498

MEDIUM

CVSS:6.5(Medium)

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a den...

CWE-8242019

CVE-2020-11721

MEDIUM

CVSS:6.5(Medium)

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

CWE-8242020

CVE-2020-6093

MEDIUM

CVSS:6.5(Medium)

An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in ...

CWE-8242020

CVE-2021-26093

MEDIUM

CVSS:6.5(Medium)

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the con...

CWE-8242021

CVE-2021-34596

MEDIUM

CVSS:6.5(Medium)

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

CWE-8242021