CVE-2021-0290
CVE-2021-0290 is a medium-severity vulnerability in Juniper Junos with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-755.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 3.3
- EPSS exploit prediction: 0% (30th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-755
- Affected product: Juniper Junos
- Published:
- Last modified:
Description
Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The interface does not recover on its own and the FPC must be reset manually. Continued receipt and processing of these frames will create a sustained Denial of Service (DoS) condition. This issue is platform-specific and affects the following platforms and line cards: * MPC7E/8E/9E and MPC10E on MX240, MX480, MX960, MX2008, MX2010, and MX2020 * MX204, MX10003, MX10008, MX10016 * EX9200, EX9251 * SRX4600 No other products or platforms are affected by this vulnerability. An indication of this issue occurring can be seen in the system log messages, as shown below: user@host> show log messages | match "Failed to complete DFE tuning" fpc4 smic_phy_dfe_tuning_state: et-4/1/6 - Failed to complete DFE tuning (count 3) and interface will be in a permanently down state: user@host> show interfaces et-4/1/6 terse Interface Admin Link Proto Local Remote et-4/1/6 up down et-4/1/6.0 up down aenet --> ae101.0 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S7 on MX Series; 17.1R1 and later versions prior to 17.2R3-S3 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S11, 17.4R3-S1 on MX Series, SRX4600; 18.1 versions prior to 18.1R3-S10 on MX Series, EX9200 Series, SRX4600; 18.2 versions prior to 18.2R3-S3 on MX Series, EX9200 Series, SRX4600; 18.3 versions prior to 18.3R3-S1 on MX Series, EX9200 Series, SRX4600; 18.4 versions prior to 18.4R2-S3, 18.4R3 on MX Series, EX9200 Series, SRX4600; 19.1 versions prior to 19.1R2-S1, 19.1R3 on MX Series, EX9200 Series, SRX4600; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series, EX9200 Series, SRX4600; 19.3 versions prior to 19.3R2 on MX Series, EX9200 Series, SRX4600. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
Frequently asked questions
- What is CVE-2021-0290?
- Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The interface does not recover on its own and the FPC must be reset manually. Continued receipt and processing of these frames will create a sustained Denial of Service (DoS) condition. This issue is platform-specific and affects the following platforms and line cards: * MPC7E/8E/9E and MPC10E on MX240, MX480, MX960, MX2008, MX2010, and MX2020 * MX204, MX10003, MX10008, MX10016 * EX9200, EX9251 * SRX4600 No other products or platforms are affected by this vulnerability. An indication of this issue occurring can be seen in the system log messages, as shown below: user@host> show log messages | match "Failed to complete DFE tuning" fpc4 smic_phy_dfe_tuning_state: et-4/1/6 - Failed to complete DFE tuning (count 3) and interface will be in a permanently down state: user@host> show interfaces et-4/1/6 terse Interface Admin Link Proto Local Remote et-4/1/6 up down et-4/1/6.0 up down aenet --> ae101.0 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S7 on MX Series; 17.1R1 and later versions prior to 17.2R3-S3 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S11, 17.4R3-S1 on MX Series, SRX4600; 18.1 versions prior to 18.1R3-S10 on MX Series, EX9200 Series, SRX4600; 18.2 versions prior to 18.2R3-S3 on MX Series, EX9200 Series, SRX4600; 18.3 versions prior to 18.3R3-S1 on MX Series, EX9200 Series, SRX4600; 18.4 versions prior to 18.4R2-S3, 18.4R3 on MX Series, EX9200 Series, SRX4600; 19.1 versions prior to 19.1R2-S1, 19.1R3 on MX Series, EX9200 Series, SRX4600; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series, EX9200 Series, SRX4600; 19.3 versions prior to 19.3R2 on MX Series, EX9200 Series, SRX4600. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
- How severe is CVE-2021-0290?
- CVE-2021-0290 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2021-0290 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-0290?
- CVE-2021-0290 primarily affects Juniper Junos. In total, 162 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-0290?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-0290 published?
- CVE-2021-0290 was published on 2021-07-15 and last updated on 2026-06-17.
References
Affected products (162)
- cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r1-s7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s11:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*
More vulnerabilities in Juniper Junos
- CVE-2021-0248 — Critical (CVSS 10.0): This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2020-1614 — Critical (CVSS 10.0): A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF)…
- CVE-2017-2343 — Critical (CVSS 10.0): The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series…
- CVE-2013-4685 — Critical (CVSS 10.0): Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44…
- CVE-2017-2349 — Critical (CVSS 9.9): A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially…
All CVEs affecting Juniper Junos →
Other CWE-755 (Improper Handling of Exceptional Conditions) vulnerabilities
- CVE-2025-34193 — Critical (CVSS 9.8): Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior…
- CVE-2025-10156 — Critical (CVSS 9.8): An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314…
- CVE-2021-42142 — Critical (CVSS 9.8): An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a…
- CVE-2021-42141 — Critical (CVSS 9.8): An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with…
- CVE-2023-38406 — Critical (CVSS 9.8): bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
- CVE-2022-23121 — Critical (CVSS 9.8): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.…
Browse all CWE-755 (Improper Handling of Exceptional Conditions) vulnerabilities →