| PR Number |
Synopsis |
Category: EX4300 PFE |
| 1343402 |
JSA10983 Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
|
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. Refer to https://kb.juniper.net/JSA10983 for more information. |
| PR Number |
Synopsis |
Category: BBE network stack related issues |
| 1432957 |
Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service
|
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. Please refer to https://kb.juniper.net/JSA10987 for more details. |
| PR Number |
Synopsis |
Category: Express PFE CoS Features |
| 1347805 |
QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba".
|
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity. |
| 1450265 |
CoS classification does not work on QFX10K
|
On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces. |
| PR Number |
Synopsis |
Category: Security platform jweb support |
| 1431298 |
Junos OS: Path traversal vulnerability in J-Web
|
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. Refer to https://kb.juniper.net/JSA10985 for more information. |
| 1434553 |
Junos OS: Cross-Site Scripting (XSS) in J-Web
|
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. Please refer to https://kb.juniper.net/JSA10986 for more details. |
| PR Number |
Synopsis |
Category: Multiprotocol Label Switching |
| 1402185 |
JSA10979 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
|
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10979 for more information. |
| PR Number |
Synopsis |
Category: IPv6/ND/ICMPv6 issues |
| 1443576 |
Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
|
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information. |
| PR Number |
Synopsis |
Category: Kernel socket data replication |
| 1472519 |
The kernel may crash and vmcore may be observed after configuration change is committed
|
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure. |
| PR Number |
Synopsis |
Category: Path computation client daemon |
| 1395205 |
Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. [CVE-2020-1601]
|
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Element (PCE) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA10980 for more information. |
| PR Number |
Synopsis |
Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1354582 |
The alarm errors might be seen during the bootup on QFX10000
|
On QFX10000 Series switches, you may see an "FPC Major Errors - PE Error code: 0x2104be" alarm if the FPC has an interface that is not up. The alarm will be clear later on. |
| PR Number |
Synopsis |
Category: QFX VC Infrastructure |
| 1414492 |
VC Ports using DAC may not establish link on QFX5200
|
On QFX5200, when virtual-chassis is configured, if the QSFP configured as VCP is removed and then inserted, VC Ports using direct attach copper (DAC) may not establish link. |
| PR Number |
Synopsis |
Category: VMHOST platforms software |
| 1398333 |
Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure (CVE-2019-0074)
|
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series, and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. Please refer to https://kb.juniper.net/JSA10975 for more information. |