PT-2021-2139 · Juniper Networks · Qfx5200+11

Published 2021-01-13 · Updated 2021-02-05 · CVE-2021-0222

CVSS v3.1: 7.4 High

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 14.1X53-D53 on EX4300, QFX3500, QFX5100, EX4600
Juniper Networks Junos OS versions prior to 15.1R7-S6 on EX4300, QFX3500, QFX5100, EX4600
Juniper Networks Junos OS versions prior to 16.1R7-S7 on EX4300, QFX5100, EX4600
Juniper Networks Junos OS versions prior to 17.1R2-S11 on EX4300, QFX5100, EX4600
Juniper Networks Junos OS versions prior to 17.1R3-S2 on EX4300
Juniper Networks Junos OS versions prior to 17.2R1-S9 on EX4300
Juniper Networks Junos OS versions prior to 17.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200
Juniper Networks Junos OS versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300, QFX5100, EX4600, QFX5110, QFX5200
Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200
Juniper Networks Junos OS versions prior to 18.1R3-S9 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400
Juniper Networks Junos OS versions prior to 18.2R2-S7 on EX4300
Juniper Networks Junos OS versions prior to 18.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400
Juniper Networks Junos OS versions prior to 18.3R2-S3 on EX4300
Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R3-S1 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400
Juniper Networks Junos OS versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400
Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400
Juniper Networks Junos OS versions prior to 19.2R1-S4, 19.2R2 on EX4300
Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400
Juniper Networks Junos OS versions prior to 19.3R2-S1, 19.3R3 on EX4300
Juniper Networks Junos OS versions prior to 19.3R1-S1, 19.3R2, 19.3R3 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400

Description

The issue is caused by insufficient input validation in Juniper Networks Junos OS. It allows an attacker to cause a Denial of Service (DoS) on the device by sending crafted protocol packets with invalid payloads from an adjacent device. These packets are replicated and sent to the RE, leading to a DoS condition over time. The issue affects all traffic through the device and can be triggered by IPv4 and IPv6 packets. As an indication of compromise, check the ingress and egress port packet counts with "monitor interface traffic": for each ingress packet, two duplicate packets are seen on egress.

Recommendations

For Juniper Networks Junos OS versions prior to 14.1X53-D53 on EX4300, QFX3500, QFX5100, EX4600, update to version 14.1X53-D53 or later.
For Juniper Networks Junos OS versions prior to 15.1R7-S6 on EX4300, QFX3500, QFX5100, EX4600, update to version 15.1R7-S6 or later.
For Juniper Networks Junos OS versions prior to 16.1R7-S7 on EX4300, QFX5100, EX4600, update to version 16.1R7-S7 or later.
For Juniper Networks Junos OS versions prior to 17.1R2-S11 on EX4300, QFX5100, EX4600, update to version 17.1R2-S11 or later.
For Juniper Networks Junos OS versions prior to 17.1R3-S2 on EX4300, update to version 17.1R3-S2 or later.
For Juniper Networks Junos OS versions prior to 17.2R1-S9 on EX4300, update to version 17.2R1-S9 or later.
For Juniper Networks Junos OS versions prior to 17.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, update to version 17.2R3-S3 or later.
For Juniper Networks Junos OS versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, update to version 17.3R2-S5, 17.3R3-S7 or later.
For Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, update to version 17.4R2-S9, 17.4R3 or later.
For Juniper Networks Junos OS versions prior to 18.1R3-S9 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400, update to version 18.1R3-S9 or later.
For Juniper Networks Junos OS versions prior to 18.2R2-S7 on EX4300, update to version 18.2R2-S7 or later.
For Juniper Networks Junos OS versions prior to 18.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400, update to version 18.2R3-S3 or later.
For Juniper Networks Junos OS versions prior to 18.3R2-S3 on EX4300, update to version 18.3R2-S3 or later.
For Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R3-S1 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400, update to version 18.3R1-S7, 18.3R3-S1 or later.
For Juniper Networks Junos OS versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400, update to version 18.4R1-S5, 18.4R2-S3, 18.4R3 or later.
For Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400, update to version 19.1R1-S4, 19.1R2-S1, 19.1R3 or later.
For Juniper Networks Junos OS versions prior to 19.2R1-S4, 19.2R2 on EX4300, update to version 19.2R1-S4, 19.2R2 or later.
For Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400, update to version 19.2R1-S3, 19.2R2 or later.
For Juniper Networks Junos OS versions prior to 19.3R2-S1, 19.3R3 on EX4300, update to version 19.3R2-S1, 19.3R3 or later.
For Juniper Networks Junos OS versions prior to 19.3R1-S1, 19.3R2, 19.3R3 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400, update to version 19.3R1-S1, 19.3R2, 19.3R3 or later.
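
A way to triage an inventory of running releases against the QFX5200 fixed releases given in the recommendations above; this is an added example, not code from this page or from Juniper, and the names `QFX5200_FIXED`, `parse` and `triage` are hypothetical. It assumes that within a listed release train each listed R release sets the minimum service release, that R releases above the highest listed one carry the fix, and that any other release in a listed train is affected.

```python
import re

# Fixed releases for QFX5200, copied from this page's recommendations.
QFX5200_FIXED = [
    "17.2R3-S3", "17.3R2-S5", "17.3R3-S7", "17.4R2-S9", "17.4R3",
    "18.1R3-S9", "18.2R3-S3", "18.3R1-S7", "18.3R3-S1",
    "18.4R1-S5", "18.4R2-S3", "18.4R3",
    "19.1R1-S4", "19.1R2-S1", "19.1R3",
    "19.2R1-S3", "19.2R2", "19.3R1-S1", "19.3R2", "19.3R3",
]

# Matches the leading train/R/S part of strings such as "18.4R2-S3.1" or "18.4R2.7".
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """Return ((major, minor), R, S) or None if the string is not an R release."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), int(r), int(s or 0)

def triage(version, fixed=QFX5200_FIXED):
    """Classify a running release as 'fixed', 'affected' or 'unknown'."""
    v = parse(version)
    if v is None:
        return "unknown"              # e.g. X-releases, not handled here
    train, r, s = v
    # Minimum service release required for each listed R release in this train.
    floor = {}
    for f in fixed:
        ftrain, fr, fs = parse(f)
        if ftrain == train:
            floor[fr] = fs
    if not floor:
        return "unknown"              # train is not listed on this page
    if r in floor:
        return "fixed" if s >= floor[r] else "affected"
    # Assumption: only R releases above the highest listed one carry the fix.
    return "fixed" if r > max(floor) else "affected"

if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for running in ["18.4R2-S2", "18.4R2-S3.1", "17.2R2-S1", "20.1R1"]:
        print(running, triage(running))
```

Releases reported as `unknown` fall in trains this page does not list and need to be checked against the vendor advisory.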

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-00998
CVE-2021-0222

Affected Products

Ex2300
Ex3400
Ex4300
Ex4600
Ex4650
Junos
Qfx3500
Qfx5100
Qfx5110
Qfx5120
Qfx5200
Qfx5210