QID 43840
Date Published: 2021-08-11
QID 43840: Juniper Junos OS Denial of Service Vulnerability (JSA11193)
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource.
Juniper Networks Junos OS:
15.1 versions prior to 15.1R7-S9;
17.3 versions prior to 17.3R3-S12;
17.4 versions prior to 17.4R2-S13, 17.4R3-S5;
18.3 versions prior to 18.3R3-S5;
18.4 versions prior to 18.4R2-S8, 18.4R3-S9;
19.1 versions prior to 19.1R3-S5;
19.2 versions prior to 19.2R3-S2;
19.3 versions prior to 19.3R2-S6, 19.3R3-S2;
19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3;
20.1 versions prior to 20.1R2;
20.2 versions prior to 20.2R2;
20.3 versions prior to 20.3R2.
QID detection logic: (Authenticated)
It checks for a vulnerable Junos OS version.
Note: We are not able to check whether the workaround has been applied, hence the QID is marked as Potential.
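The version comparison described above can be reproduced against a device inventory. The Python below is an added example, not the scanner's or Juniper's own detection code. It assumes a release is compared against the fixed release with the same R number in its train and that an R number above every listed fix is fixed; the function names and sample version strings are constructed.

```python
import re

# Fixed releases per train, copied from the affected-version list on this page.
FIXED = {
    "15.1": ["15.1R7-S9"], "17.3": ["17.3R3-S12"],
    "17.4": ["17.4R2-S13", "17.4R3-S5"], "18.3": ["18.3R3-S5"],
    "18.4": ["18.4R2-S8", "18.4R3-S9"], "19.1": ["19.1R3-S5"],
    "19.2": ["19.2R3-S2"], "19.3": ["19.3R2-S6", "19.3R3-S2"],
    "19.4": ["19.4R1-S4", "19.4R2-S4", "19.4R3"],
    "20.1": ["20.1R2"], "20.2": ["20.2R2"], "20.3": ["20.3R2"],
}
# Matches "<train>R<n>" with an optional "-S<m>"; anything after it is ignored.
_VER = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """Return (train, R, S) or None for formats this sketch does not handle
    (X-train builds such as 15.1X49-D100, Junos OS Evolved builds)."""
    if "EVO" in version.upper():
        return None
    m = _VER.match(version.strip())
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)

def status(version):
    """Classify a version string as vulnerable, fixed, unlisted or unknown."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"
    train, r, s = parsed
    if train not in FIXED:
        return "unlisted"  # train is not in this page's affected list
    fixes = [parse(f)[1:] for f in FIXED[train]]
    for fixed_r, fixed_s in fixes:
        if fixed_r == r:  # same R branch: compare service release numbers
            return "fixed" if s >= fixed_s else "vulnerable"
    # No fix listed for this R branch (assumption: only newer branches are fixed).
    return "fixed" if r > max(fr for fr, _ in fixes) else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory for illustration.
    for host, ver in [("edge-1", "19.4R2-S1"), ("edge-2", "18.4R2-S8.3"),
                      ("core-1", "17.4R3-S4"), ("fw-1", "15.1X49-D100")]:
        print(f"{host}\t{ver}\t{status(ver)}")
```

A "vulnerable" result is version-only, like the QID itself: it does not tell you whether TCP port 705 is already filtered on the device.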
Successful exploitation may lead to a partial Denial of Service (DoS), as the CPU utilization of the Routing Engine (RE) is significantly increased.
The following software releases have been updated to resolve this specific issue:
Junos OS: 15.1R7-S9, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.3R3-S5, 18.4R2-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3, 20.1R2, 20.2R2, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.
For more information, please visit JSA11193.
Workaround:
Use access lists or firewall filters to deny access to TCP port 705.
CVEs related to QID 43840
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| JSA11193 | | | |