CVE-2021-0205

Name of the Vulnerable Software and Affected Versions Junos versions prior to 17.3R3-S10 Junos versions prior to 17.4R3-S3 Junos versions prior to 18.1R3-S11 Junos versions prior to 18.2R3-S6 Junos versions prior to 18.3R3-S4 Junos versions prior to 18.4R3-S6 Junos versions prior to 19.1R2-S2 Junos versions prior to 19.1R3-S3 Junos versions prior to 19.2R3-S1 Junos versions prior to 19.3R2-S5 Junos versions prior to 19.3R3-S1 Junos versions prior to 19.4R3 Junos versions prior to 20.1R2 Junos versions prior to 20.2R2

Description The issue is related to errors in security settings of the Intrusion Detection Service (IDS) feature in Junos OS on MX series routers. When the IDS feature is configured with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination.

Recommendations For Junos versions prior to 17.3R3-S10, update to 17.3R3-S10 or later. For Junos versions prior to 17.4R3-S3, update to 17.4R3-S3 or later. For Junos versions prior to 18.1R3-S11, update to 18.1R3-S11 or later. For Junos versions prior to 18.2R3-S6, update to 18.2R3-S6 or later. For Junos versions prior to 18.3R3-S4, update to 18.3R3-S4 or later. For Junos versions prior to 18.4R3-S6, update to 18.4R3-S6 or later. For Junos versions prior to 19.1R2-S2, update to 19.1R2-S2 or later. For Junos versions prior to 19.1R3-S3, update to 19.1R3-S3 or later. For Junos versions prior to 19.2R3-S1, update to 19.2R3-S1 or later. For Junos versions prior to 19.3R2-S5, update to 19.3R2-S5 or later. For Junos versions prior to 19.3R3-S1, update to 19.3R3-S1 or later. For Junos versions prior to 19.4R3, update to 19.4R3 or later. For Junos versions prior to 20.1R2, update to 20.1R2 or later. For Junos versions prior to 20.2R2, update to 20.2R2 or later.