According to a security bulletin released by Juniper Networks, the company has patched a dangerous vulnerability affecting SBR (Steel-Belted Radius) Carrier versions 8.4.1, 8.5.0, and 8.6.0. Juniper describes SBR Carrier as “a standards-based authentication, authorization, and accounting (AAA) server for Internet service providers and carriers.” The vulnerability, designated CVE-2021-0276, earned a 9.8 (critical) score on the Common Vulnerability Scoring System. The database entry on CVE-2021-0276 describes the vulnerability as follows:
A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending this specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4.
At the time Juniper Networks released its security bulletin, the company had not observed any active exploitation of CVE-2021-0276. Perhaps this is because the vulnerability can only be exploited, as Juniper notes, when Enhanced EAP Logging and a TraceLevel setting of 2 are enabled in SBR Carrier. More likely, however, attackers were simply not aware of the vulnerability before this security notice.
Nevertheless, especially considering that CVE-2021-0276's score is nearly the highest a vulnerability can receive, patching is urgent. Thankfully, Juniper Networks announced in its security bulletin, “The following software releases have been updated to resolve this specific issue: 8.4.1R19, 8.5.0R10, 8.6.0R4 and all subsequent releases… This issue is being tracked as 1465201.” As there are no known workarounds, it is highly recommended that all users of SBR Carrier update as soon as possible. The patches can be found on this Juniper website.
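For teams with more than one SBR Carrier server, the following added example (not from Juniper or the original article) sorts an inventory by the fixed releases and the logging condition described above. The host names and inventory rows are constructed, the two settings are supplied by the operator rather than read from a configuration file, and treating a release string without an "R" suffix as R0 is an assumption.

```python
import re

# Fixed release per train, taken from the bulletin text quoted in this article.
FIXED = {(8, 4, 1): 19, (8, 5, 0): 10, (8, 6, 0): 4}

_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[Rr](\d+))?\s*$")


def parse_release(text):
    """Split '8.5.0R7' into ((8, 5, 0), 7); a bare '8.5.0' is read as R0 (assumption)."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, patch, rel = m.groups()
    return (int(major), int(minor), int(patch)), int(rel or 0)


def triage(release, enhanced_eap_logging, trace_level):
    """Classify one server for CVE-2021-0276.

    'patch-now'  : affected build and both triggering settings enabled
    'patch'      : affected build, settings not both enabled (still update)
    'fixed'      : at or past the fixed release of a listed train
    'not-listed' : train not named in the bulletin; confirm with the vendor
    """
    train, rel = parse_release(release)
    if train not in FIXED:
        return "not-listed"
    if rel >= FIXED[train]:
        return "fixed"
    exposed = enhanced_eap_logging and trace_level == 2
    return "patch-now" if exposed else "patch"


# Constructed inventory: (host, release, Enhanced EAP Logging on?, TraceLevel)
INVENTORY = [
    ("aaa-01", "8.4.1R18", True, 2),
    ("aaa-02", "8.5.0R10", True, 2),
    ("aaa-03", "8.6.0R3", False, 0),
    ("aaa-04", "8.3.0R2", True, 2),
]

if __name__ == "__main__":
    for host, release, eap_log, trace in INVENTORY:
        print(f"{host:8} {release:10} {triage(release, eap_log, trace)}")
```

Servers in the "patch" bucket are still on an affected build; the split only orders the update queue.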
Patching is never a fun task, but if the choice is between that and a catastrophic security breach, the frustration is worth it.