CVE-2021-0258

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 17.2 through 17.2R3-S4 Juniper Networks Junos OS versions 17.3 through 17.3R3-S9 Juniper Networks Junos OS versions 17.4 through 17.4R2-S11, 17.4R3-S2 Juniper Networks Junos OS versions 18.1 through 18.1R3-S11 Juniper Networks Junos OS versions 18.2 through 18.2R3-S5 Juniper Networks Junos OS versions 18.3 through 18.3R2-S4, 18.3R3-S3 Juniper Networks Junos OS versions 18.4 through 18.4R2-S5, 18.4R3-S4 Juniper Networks Junos OS versions 19.1 through 19.1R2-S2, 19.1R3 Juniper Networks Junos OS versions 19.2 through 19.2R1-S5, 19.2R2 Juniper Networks Junos OS versions 19.3 through 19.3R2-S4, 19.3R3 Juniper Networks Junos OS versions 19.4 through 19.4R1-S3, 19.4R2

Description: A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). This issue only occurs when TCPv6 packets are routed through the management interface, and it affects systems with the concurrent network stack enabled. The issue was introduced as part of a TCP Parallelization feature added in Junos OS 17.2.

Recommendations: As a temporary workaround, consider disabling the TCP Parallelization feature until a patch is available. For versions 17.2 through 17.2R3-S4, update to 17.2R3-S4 or later. For versions 17.3 through 17.3R3-S9, update to 17.3R3-S9 or later. For versions 17.4 through 17.4R2-S11, 17.4R3-S2, update to 17.4R2-S11 or 17.4R3-S2 or later. For versions 18.1 through 18.1R3-S11, update to 18.1R3-S11 or later. For versions 18.2 through 18.2R3-S5, update to 18.2R3-S5 or later. For versions 18.3 through 18.3R2-S4, 18.3R3-S3, update to 18.3R2-S4 or 18.3R3-S3 or later. For versions 18.4 through 18.4R2-S5, 18.4R3-S4, update to 18.4R2-S5 or 18.4R3-S4 or later. For versions 19.1 through 19.1R2-S2, 19.1R3, update to 19.1R2-S2 or 19.1R3 or later. For versions 19.2 through 19.2R1-S5, 19.2R2, update to 19.2R1-S5 or 19.2R2 or later. For versions 19.3 through 19.3R2-S4, 19.3R3, update to 19.3R2-S4 or 19.3R3 or later. For versions 19.4 through 19.4R1-S3, 19.4R2, update to 19.4R1-S3 or 19.4R2 or later.