July 18, 2021

Juniper patched a critical Buffer Overflow vulnerability in Juniper Steel-Belted Radius (SBR) Carrier Edition with EAP authentication configured, which could result in remote code execution (RCE). 

This issue affects SBR Carrier with EAP authentication configured only when using Enhanced EAP Logging and TraceLevel setting of 2. 

The Vulnerability

• CVE-2021-0276 CVSS 3.1 Score: 9.8, Critical 

A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting in a Denial of Service (DoS) or leading to remote code execution (RCE). 

By continuously sending these specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). 

Affected Products: 

• SBR Carrier 8.4.1 versions prior to 8.4.1R19; 
• SBR Carrier 8.5.0 versions prior to 8.5.0R10; 
• SBR Carrier 8.6.0 versions prior to 8.6.0R4. 

Mitigation: 

CYREBRO recommends patching relevant products with the corresponding update (8.4.1R19, 8.5.0R10 and 8.6.0R4 respectively). 

Updates are available via the official Juniper download directory. 

References: Juniper KB