PT-2021-5047 · Juniper Networks · Junos

Published: 2021-10-13 · Updated: 2021-10-25 · CVE-2021-31376

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 versions 18.4R3-S7 through 18.4R3-S8

Description

An Improper Input Validation vulnerability in the Packet Forwarding Engine manager (FXPC) process allows an attacker to cause a Denial of Service (DoS) by sending specific DHCPv6 packets to the device and crashing the FXPC service. Continued receipt and processing of this specific packet will create a sustained Denial of Service (DoS) condition.

Recommendations

For Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 version 18.4R3-S7 and later versions prior to 18.4R3-S8, update to version 18.4R3-S8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable FXPC service until a patch is available. Avoid sending specific DHCPv6 packets to the device to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-05817
CVE-2021-31376

Affected Products

Junos