PT-2021-12947 · Juniper Networks · Junos
Published: 2021-04-22 · Updated: 2021-04-27 · CVE-2021-0234
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS on QFX5100-96S versions 17.3 prior to 17.3R3-S10
Juniper Networks Junos OS on QFX5100-96S versions 17.4 prior to 17.4R3-S4
Juniper Networks Junos OS on QFX5100-96S versions 18.1 prior to 18.1R3-S10
Juniper Networks Junos OS on QFX5100-96S versions 18.2 prior to 18.2R3-S3
Juniper Networks Junos OS on QFX5100-96S versions 18.3 prior to 18.3R3-S2
Juniper Networks Junos OS on QFX5100-96S versions 18.4 prior to 18.4R2-S4
Juniper Networks Junos OS on QFX5100-96S versions 18.4 prior to 18.4R3-S1
Juniper Networks Junos OS on QFX5100-96S versions 19.1 prior to 19.1R3
Juniper Networks Junos OS on QFX5100-96S versions 19.1 prior to 19.1R3-S4
Juniper Networks Junos OS on QFX5100-96S versions 19.2 prior to 19.2R2
Juniper Networks Junos OS on QFX5100-96S versions 19.3 prior to 19.3R3
Juniper Networks Junos OS on QFX5100-96S versions 19.4 prior to 19.4R2
Description:
The issue is caused by an improper initialization vulnerability in Juniper Networks Junos OS on QFX5100-96S devices. When DDoS protection is configured from the CLI, the configuration does not take effect beyond the default DDoS settings. The jddosd daemon is responsible for protecting the packet forwarding engine (PFE) during a DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, and CPU-bound packets will be throttled and dropped in the PFE when the limits are exceeded. The administrator can check whether the device has this issue by executing the command show ddos-protection protocols to monitor the status of DDoS protection.
Recommendations:
For Juniper Networks Junos OS on QFX5100-96S versions 17.3 prior to 17.3R3-S10, update to version 17.3R3-S10 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 17.4 prior to 17.4R3-S4, update to version 17.4R3-S4 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 18.1 prior to 18.1R3-S10, update to version 18.1R3-S10 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 18.2 prior to 18.2R3-S3, update to version 18.2R3-S3 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 18.3 prior to 18.3R3-S2, update to version 18.3R3-S2 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 18.4 prior to 18.4R2-S4, update to version 18.4R2-S4 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 18.4 prior to 18.4R3-S1, update to version 18.4R3-S1 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 19.1 prior to 19.1R3, update to version 19.1R3 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 19.1 prior to 19.1R3-S4, update to version 19.1R3-S4 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 19.2 prior to 19.2R2, update to version 19.2R2 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 19.3 prior to 19.3R3, update to version 19.3R3 or later.
For Juniper Networks Junos OS on QFX5100-96S versions 19.4 prior to 19.4R2, update to version 19.4R2 or later.
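An inventory check against the list above, added here as an example and not taken from Juniper or from this advisory. It reads the list literally (a release is flagged if it is below any "prior to" entry for its branch); the inventory rows, function names and the handling of a trailing build number such as ".4" are assumptions.

```python
import re

# "Prior to" thresholds copied from the affected-versions list on this page.
FIXED = {
    "17.3": ["17.3R3-S10"],
    "17.4": ["17.4R3-S4"],
    "18.1": ["18.1R3-S10"],
    "18.2": ["18.2R3-S3"],
    "18.3": ["18.3R3-S2"],
    "18.4": ["18.4R2-S4", "18.4R3-S1"],
    "19.1": ["19.1R3", "19.1R3-S4"],
    "19.2": ["19.2R2"],
    "19.3": ["19.3R3"],
    "19.4": ["19.4R2"],
}
MODEL = "QFX5100-96S"
# Assumption: versions look like 18.4R2-S3 or 18.4R2-S3.4 (trailing build ignored).
_VER = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (branch, R number, S number), or None for formats not handled."""
    m = _VER.match(version.strip())
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)

def is_listed_affected(model, version):
    """True/False per the page's list; None if the version cannot be parsed."""
    if model.strip().upper() != MODEL:
        return False
    parsed = parse(version)
    if parsed is None:
        return None  # e.g. X-train releases: check by hand
    branch, r, s = parsed
    # Literal reading (assumption): below ANY listed threshold counts as affected.
    thresholds = [parse(t)[1:] for t in FIXED.get(branch, [])]
    return any((r, s) < t for t in thresholds)

# Constructed inventory rows (hostname, model, version), not real devices.
INVENTORY = [
    ("leaf-01", "QFX5100-96S", "18.4R2-S3"),
    ("leaf-02", "QFX5100-96S", "19.4R2"),
    ("leaf-03", "QFX5100-48S", "17.3R1"),
    ("leaf-04", "QFX5100-96S", "14.1X53-D40"),
]

def audit(rows):
    return {host: is_listed_affected(model, ver) for host, model, ver in rows}
```

A result of None means the version string was not understood and the device needs a manual check; False means only that the release is not in this page's list.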
Fix
DoS
Improper Initialization