CVE-2021-0263 – Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled
https://notcve.org/view.php?id=CVE-2021-0263
A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... • https://kb.juniper.net/JSA11154 https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html • CWE-19: Data Processing Errors •
CVE-2021-0247 – Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.
https://notcve.org/view.php?id=CVE-2021-0247
A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example: show firewall Filter: __default_bpdu_filter__ Filter: FILTER-INET-01 Counters: Name Bytes Packets output-match-inet 0 0 <<<<<< missing firewall packet count This issue affects: Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D53 on QFX Series; 14.1 versions 14.1R1 and later versions prior to 15.1 versions prior to 15.1R7-S6 on QFX Series, PTX Series; 15.1X53 versions prior to 15.1X53-D593 on QFX Series; 16.1 versions prior to 16.1R7-S7 on QFX Series, PTX Series; 16.2 versions prior to 16.2R2-S11, 16.2R3 on QFX Series, PTX Series; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on QFX Series, PTX Series; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3 on QFX Series, PTX Series; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on QFX Series, PTX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3 on QFX Series, PTX Series; 18.1 versions prior to 18.1R3-S9 on QFX Series, PTX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on QFX Series, PTX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on QFX Series, PTX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 on QFX Series, PTX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on QFX Series, PTX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX Series, PTX Series. Una vulnerabilidad de Condición de Carrera (Ejecución Concurrente usando Recursos Compartidos con Sincronización Inapropiada) en el proceso de firewall (dfwd) de Juniper Networks Junos OS, permite a un atacante omitir los conjuntos de reglas de firewall aplicados al filtro de bucle de entrada en cualquier interfaz de un dispositivo. Este problema es detectable al revisar las reglas de firewall de PFE, así como los contadores de firewall y visualizar si aumentan o no. • https://kb.juniper.net/JSA11140 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-1679 – Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.
https://notcve.org/view.php?id=CVE-2020-1679
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... • https://kb.juniper.net/JSA11076 • CWE-20: Improper Input Validation •
CVE-2020-1617 – Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot.
https://notcve.org/view.php?id=CVE-2020-1617
This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. • https://github.com/Juniper/AFI https://kb.juniper.net/JSA11000 https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html • CWE-665: Improper Initialization •
CVE-2019-0014 – Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet
https://notcve.org/view.php?id=CVE-2019-0014
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100. En las series QFX y PTX, la recepción de un paquete mal formado para el muestreo de J-Flow podría provocar el cierre inesperado del proceso FPC (Flexible PIC Concentrator), que provoca que todas las interfaces se caigan. • http://www.securityfocus.com/bid/106556 https://kb.juniper.net/JSA10914 • CWE-19: Data Processing Errors •