QID 43961
Date Published: 2023-01-30
QID 43961: Juniper Network Operating System (Junos OS) Denial of Service (DoS) Vulnerability (JSA70210)
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.
On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC memory leak is observed.
This issue affects:
Juniper Networks Junos OS on QFX10000 and PTX series.
20.2 versions prior to 20.2R3-S6
20.3 versions prior to 20.3R3-S6
20.4 versions prior to 20.4R3-S4
21.1 versions prior to 21.1R3-S3
21.2 versions prior to 21.2R3-S1
21.3 versions prior to 21.3R3
21.4 versions prior to 21.4R3
22.1 versions prior to 22.1R2
22.2 versions prior to 22.2R2
QID detection logic: (Authenticated)
It checks for vulnerable Junos OS version.
It may allow an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak
The following software releases have been updated to resolve this specific issue:
For QFX10000 and PTX Series: 20.2R3-S6, 20.3R3-S6, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R2, 22.3R1 and all subsequent releases.
For more information please visit JSA70210.
- JSA70210 -
kb.juniper.net/JSA70210
CVEs related to QID 43961
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| JSA70210 |
kb.juniper.net/JSA70210 |