Monday, July 19, 2021

Juniper Junos OS: 2021-07 Security Bulletin: Junos OS: PTX Series and QFX10K Series: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine (JSA11184) (CVE-2021-0280)

Description
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Solution(s)
  • juniper-junos-os-upgrade-latest


  • References
  • https://attackerkb.com/topics/cve-2021-0280
  • CVE - 2021-0280
  • JSA11184




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated