| PR Number |
Synopsis |
Category: Firewall Filter |
| 1473093 |
Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
|
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
| PR Number |
Synopsis |
Category: Ethernet OAM (LFM) |
| 1443353 |
The cfmd process might crash after a restart on Junos 17.1R1 and above
|
On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode ("no-aggregate-delegate-processing" konb is configured for CFM) are used , after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and could not run anymore. |
| PR Number |
Synopsis |
Category: jdhcpd daemon |
| 1449353 |
Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD
|
A device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured relay mode is vulnerable to multiple vulnerabilities which allow an attacker to send crafted packets who may arbitrarily execute commands as root on the target device, or who may take over the code execution of the JDHDCP process. Refer to https://kb.juniper.net/JSA10981 for more information. |
| PR Number |
Synopsis |
Category: Security platform jweb support |
| 1434553 |
Junos OS: Cross-Site Scripting (XSS) in J-Web
|
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. Please refer to https://kb.juniper.net/JSA10986 for more details. |
| PR Number |
Synopsis |
Category: Multiprotocol Label Switching |
| 1402185 |
JSA10979 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
|
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10979 for more information. |
| PR Number |
Synopsis |
Category: IPv6/ND/ICMPv6 issues |
| 1443576 |
Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
|
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information. |
| PR Number |
Synopsis |
Category: Path computation client daemon |
| 1395205 |
Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. [CVE-2020-1601]
|
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Element (PCE) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA10980 for more information. |
| PR Number |
Synopsis |
Category: Resource Reservation Protocol |
| 1368177 |
RPD might restart after an MPLS LSP flap if "no-cspf" and "fast-reroute" are configured in an LSR ingress router.
|
RPD may restart unexpectedly after an MPLS LSP flap when "no-cspf" and "fast-reroute" are configured in LSR ingress router |