Severity
High
Analysis Summary
CVE-2021-0221
In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing.
CVE-2021-0222
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device.
These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impact due to protocol flapping.
Impact
Denial of service
Affected Vendors
Juniper
Affected Products
Junos OS QFX10K Series all versions
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches.
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES