CVE-2021-0259

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on QFX5K Series versions 17.3 through 17.3R3-S11 Juniper Networks Junos OS on QFX5K Series versions 17.4 through 17.4R3-S5 Juniper Networks Junos OS on QFX5K Series versions 18.1 through 18.1R3-S13 Juniper Networks Junos OS on QFX5K Series versions 18.2 through 18.2R2-S8 Juniper Networks Junos OS on QFX5K Series versions 18.2 through 18.2R3-S8 Juniper Networks Junos OS on QFX5K Series versions 18.3 through 18.3R3-S5 Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R1-S8 Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R2-S6 Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R3-S6 Juniper Networks Junos OS on QFX5K Series versions 19.1 through 19.1R3-S4 Juniper Networks Junos OS on QFX5K Series versions 19.2 through 19.2R1-S6 Juniper Networks Junos OS on QFX5K Series versions 19.2 through 19.2R3-S2 Juniper Networks Junos OS on QFX5K Series versions 19.3 through 19.3R3-S2 Juniper Networks Junos OS on QFX5K Series versions 19.4 through 19.4R2-S4 Juniper Networks Junos OS on QFX5K Series versions 19.4 through 19.4R3-S1 Juniper Networks Junos OS on QFX5K Series versions 20.1 through 20.1R2 Juniper Networks Junos OS on QFX5K Series versions 20.2 through 20.2R2 Juniper Networks Junos OS on QFX5K Series versions 20.3 through 20.3R1-S2 Juniper Networks Junos OS on QFX5K Series versions 20.3 through 20.3R2 Juniper Networks Junos OS Evolved on QFX5220 versions prior to 20.3R2-EVO

Description: A vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration may cause instability in the underlay network due to exceeding the default ddos-protection aggregate threshold. If an attacker sends a high volume of specific, legitimate traffic in the overlay network, the leaf might not process certain L2 traffic sent by spines in the underlay network, resulting in a Denial of Service (DoS) condition.

Recommendations: For Juniper Networks Junos OS on QFX5K Series versions 17.3 through 17.3R3-S11, update to version 17.3R3-S11 or later. For Juniper Networks Junos OS on QFX5K Series versions 17.4 through 17.4R3-S5, update to version 17.4R3-S5 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.1 through 18.1R3-S13, update to version 18.1R3-S13 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.2 through 18.2R2-S8, update to version 18.2R2-S8 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.2 through 18.2R3-S8, update to version 18.2R3-S8 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.3 through 18.3R3-S5, update to version 18.3R3-S5 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R1-S8, update to version 18.4R1-S8 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R2-S6, update to version 18.4R2-S6 or later. For Juniper Networks Junos OS on QFX5K Series versions 18.4 through 18.4R3-S6, update to version 18.4R3-S6 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.1 through 19.1R3-S4, update to version 19.1R3-S4 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.2 through 19.2R1-S6, update to version 19.2R1-S6 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.2 through 19.2R3-S2, update to version 19.2R3-S2 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.3 through 19.3R3-S2, update to version 19.3R3-S2 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.4 through 19.4R2-S4, update to version 19.4R2-S4 or later. For Juniper Networks Junos OS on QFX5K Series versions 19.4 through 19.4R3-S1, update to version 19.4R3-S1 or later. For Juniper Networks Junos OS on QFX5K Series versions 20.1 through 20.1R2, update to version 20.1R2 or later. For Juniper Networks Junos OS on QFX5K Series versions 20.2 through 20.2R2, update to version 20.2R2 or later. For Juniper Networks Junos OS on QFX5K Series versions 20.3 through 20.3R1-S2, update to version 20.3R1-S2 or later. For Juniper Networks Junos OS on QFX5K Series versions 20.3 through 20.3R2, update to version 20.3R2 or later. For Juniper Networks Junos OS Evolved on QFX5220 versions prior to 20.3R2-EVO, update to version 20.3R2-EVO or later.