CVE-2021-0273

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 16.1R7-S8 Juniper Networks Junos OS versions 17.1 prior to 17.1R2-S12 Juniper Networks Junos OS versions 17.2 prior to 17.2R3-S4 Juniper Networks Junos OS versions 17.3 prior to 17.3R3-S8 Juniper Networks Junos OS versions 17.4 prior to 17.4R2-S10, 17.4R3-S2 Juniper Networks Junos OS versions 18.1 prior to 18.1R3-S10 Juniper Networks Junos OS versions 18.2 prior to 18.2R2-S7, 18.2R3-S3 Juniper Networks Junos OS versions 18.3 prior to 18.3R1-S7, 18.3R3-S2 Juniper Networks Junos OS versions 18.4 prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 Juniper Networks Junos OS versions 19.1 prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 Juniper Networks Junos OS versions 19.2 prior to 19.2R1-S4, 19.2R2 Juniper Networks Junos OS versions 19.3 prior to 19.3R2-S3, 19.3R3 Juniper Networks Junos OS versions 19.4 prior to 19.4R1-S1, 19.4R2 Juniper Networks Junos OS Evolved versions 19.4 prior to 19.4R2-EVO

Description The issue is related to an always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved, which allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards, causing a Denial of Service (DoS) condition by looping packets destined to the device's interfaces. This issue affects LT-LT interfaces and can be identified by examining the traffic of the LT-LT interfaces for excessive traffic. The exploitation of this issue can lead to a sustained Denial of Service (DoS) condition.

Recommendations For Juniper Networks Junos OS versions prior to 16.1R7-S8, update to version 16.1R7-S8 or later. For Juniper Networks Junos OS versions 17.1 prior to 17.1R2-S12, update to version 17.1R2-S12 or later. For Juniper Networks Junos OS versions 17.2 prior to 17.2R3-S4, update to version 17.2R3-S4 or later. For Juniper Networks Junos OS versions 17.3 prior to 17.3R3-S8, update to version 17.3R3-S8 or later. For Juniper Networks Junos OS versions 17.4 prior to 17.4R2-S10, 17.4R3-S2, update to version 17.4R2-S10, 17.4R3-S2 or later. For Juniper Networks Junos OS versions 18.1 prior to 18.1R3-S10, update to version 18.1R3-S10 or later. For Juniper Networks Junos OS versions 18.2 prior to 18.2R2-S7, 18.2R3-S3, update to version 18.2R2-S7, 18.2R3-S3 or later. For Juniper Networks Junos OS versions 18.3 prior to 18.3R1-S7, 18.3R3-S2, update to version 18.3R1-S7, 18.3R3-S2 or later. For Juniper Networks Junos OS versions 18.4 prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, update to version 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 or later. For Juniper Networks Junos OS versions 19.1 prior to 19.1R1-S5, 19.1R2-S1, 19.1R3, update to version 19.1R1-S5, 19.1R2-S1, 19.1R3 or later. For Juniper Networks Junos OS versions 19.2 prior to 19.2R1-S4, 19.2R2, update to version 19.2R1-S4, 19.2R2 or later. For Juniper Networks Junos OS versions 19.3 prior to 19.3R2-S3, 19.3R3, update to version 19.3R2-S3, 19.3R3 or later. For Juniper Networks Junos OS versions 19.4 prior to 19.4R1-S1, 19.4R2, update to version 19.4R1-S1, 19.4R2 or later. For Juniper Networks Junos OS Evolved versions 19.4 prior to 19.4R2-EVO, update to version 19.4R2-EVO or later. As a temporary workaround, consider disabling one side of the affected LT interfaces to break the loop, and then reenable the interface after the condition has cleared.