CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2021-0270 – Junos OS: PTX Series, QFX10K Series: A PTX/QFX FPC may restart unexpectedly with the "inline-Jflow" feature enabled on a large-scale deployment
https://notcve.org/view.php?id=CVE-2021-0270
On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active "traffic flows" are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. • https://kb.juniper.net/JSA11161 https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/inline-flow-monitoring-ptx.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 124EXPL: 0CVE-2021-0263 – Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled
https://notcve.org/view.php?id=CVE-2021-0263
A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... • https://kb.juniper.net/JSA11154 https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html • CWE-19: Data Processing Errors •
CVSS: 6.8EPSS: 0%CPEs: 344EXPL: 0CVE-2021-0247 – Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.
https://notcve.org/view.php?id=CVE-2021-0247
A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example: show firewall Filter: __default_bpdu_filter__ Filter: FILTER-INET-01 Counters: Name Bytes Packets output-match-inet 0 0 <<<<<< missing firewall packet count This issue affects: Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D53 on QFX Series; 14.1 versions 14.1R1 and later versions prior to 15.1 versions prior to 15.1R7-S6 on QFX Series, PTX Series; 15.1X53 versions prior to 15.1X53-D593 on QFX Series; 16.1 versions prior to 16.1R7-S7 on QFX Series, PTX Series; 16.2 versions prior to 16.2R2-S11, 16.2R3 on QFX Series, PTX Series; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on QFX Series, PTX Series; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3 on QFX Series, PTX Series; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on QFX Series, PTX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3 on QFX Series, PTX Series; 18.1 versions prior to 18.1R3-S9 on QFX Series, PTX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on QFX Series, PTX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on QFX Series, PTX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 on QFX Series, PTX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on QFX Series, PTX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX Series, PTX Series. Una vulnerabilidad de Condición de Carrera (Ejecución Concurrente usando Recursos Compartidos con Sincronización Inapropiada) en el proceso de firewall (dfwd) de Juniper Networks Junos OS, permite a un atacante omitir los conjuntos de reglas de firewall aplicados al filtro de bucle de entrada en cualquier interfaz de un dispositivo. Este problema es detectable al revisar las reglas de firewall de PFE, así como los contadores de firewall y visualizar si aumentan o no. • https://kb.juniper.net/JSA11140 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 122EXPL: 0CVE-2020-1679 – Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.
https://notcve.org/view.php?id=CVE-2020-1679
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... • https://kb.juniper.net/JSA11076 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2020-1617 – Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot.
https://notcve.org/view.php?id=CVE-2020-1617
This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. • https://github.com/Juniper/AFI https://kb.juniper.net/JSA11000 https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html • CWE-665: Improper Initialization •