CVE-2021-31371

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 17.3R3-S12 Juniper Networks Junos OS versions 18.1 prior to 18.1R3-S13 Juniper Networks Junos OS versions 18.3 prior to 18.3R3-S5 Juniper Networks Junos OS versions 19.1 prior to 19.1R3-S6 Juniper Networks Junos OS versions 19.2 prior to 19.2R1-S7, 19.2R3-S3 Juniper Networks Junos OS versions 19.3 prior to 19.3R2-S6, 19.3R3-S3 Juniper Networks Junos OS versions 19.4 prior to 19.4R1-S4, 19.4R3-S5 Juniper Networks Junos OS versions 20.1 prior to 20.1R2-S2, 20.1R3-S1 Juniper Networks Junos OS versions 20.2 prior to 20.2R3-S2 Juniper Networks Junos OS versions 20.3 prior to 20.3R3-S1 Juniper Networks Junos OS versions 20.4 prior to 20.4R2-S1, 20.4R3 Juniper Networks Junos OS versions 21.1 prior to 21.1R1-S1, 21.1R2

Description Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress a QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure issue.

Recommendations For versions prior to 17.3R3-S12, update to 17.3R3-S12 or later. For versions 18.1 prior to 18.1R3-S13, update to 18.1R3-S13 or later. For versions 18.3 prior to 18.3R3-S5, update to 18.3R3-S5 or later. For versions 19.1 prior to 19.1R3-S6, update to 19.1R3-S6 or later. For versions 19.2 prior to 19.2R1-S7, 19.2R3-S3, update to 19.2R1-S7, 19.2R3-S3 or later. For versions 19.3 prior to 19.3R2-S6, 19.3R3-S3, update to 19.3R2-S6, 19.3R3-S3 or later. For versions 19.4 prior to 19.4R1-S4, 19.4R3-S5, update to 19.4R1-S4, 19.4R3-S5 or later. For versions 20.1 prior to 20.1R2-S2, 20.1R3-S1, update to 20.1R2-S2, 20.1R3-S1 or later. For versions 20.2 prior to 20.2R3-S2, update to 20.2R3-S2 or later. For versions 20.3 prior to 20.3R3-S1, update to 20.3R3-S1 or later. For versions 20.4 prior to 20.4R2-S1, 20.4R3, update to 20.4R2-S1, 20.4R3 or later. For versions 21.1 prior to 21.1R1-S1, 21.1R2, update to 21.1R1-S1, 21.1R2 or later.