
12.3R12-S16: Software Release Notification for JUNOS Software Version 12.3R12-S16


Article ID: TSB17801 TECHNICAL_BULLETINS Last Updated: 15 Jun 2020 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX Series
Alert Description:
Junos Software Service Release version 12.3R12-S16 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to the Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 12.3R12-S16 is now available.

12.3R12-S16 - List of Fixed issues
PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there was a MAC (FDB) operation (add or delete). This is now updated to send a GARP when the interface is up and an L3 interface is attached to the VLAN.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
 

12.3R12-S16 - List of Known issues
PR Number Synopsis Category: EX4300 Platform
1368940 Junos OS: EX and QFX Series: Console port authentication bypass vulnerability (CVE-2020-1618)
Product-Group=junos
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. Refer to https://kb.juniper.net/JSA11001 for more information.
1378429 Junos OS: EX and QFX Series: Console port authentication bypass vulnerability (CVE-2020-1618)
Product-Group=junos
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. Refer to https://kb.juniper.net/JSA11001 for more information.
PR Number Synopsis Category: EX-Series VC Datapath
1426741 Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces (CVE-2020-1628)
Product-Group=junos
Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11008 for more information.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1451959 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633)
Product-Group=junos
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11012 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1323474 Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement. (CVE-2020-1613)
Product-Group=junos
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. Refer to https://kb.juniper.net/JSA10996 for more information.
1454677 Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632)
Product-Group=junos
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11013 for more information.
PR Number Synopsis Category: Express PFE FW Features
1372944 Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. (CVE-2020-1617)
Product-Group=junos
An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. Refer to https://kb.juniper.net/JSA11000 for more information.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1429719 Junos OS: A race condition vulnerability may cause RPD daemon to crash when processing a BGP NOTIFICATION message. (CVE-2020-1629)
Product-Group=junos
A race condition vulnerability on Juniper Networks Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. Refer to https://kb.juniper.net/JSA11009 for more information.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in a Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1168322 Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. (CVE-2016-1285, CVE-2016-1286)
Product-Group=junos
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices has been upgraded to resolve multiple vulnerabilities. These issues are only applicable to SRX Branch Series and vSRX Series with DNS Proxy server enabled. Refer to https://kb.juniper.net/JSA10994 for more information.
PR Number Synopsis Category: rtsock kernel infrastructure
1407000 Kernel memory leak in virtual-memory due to interface flaps (CVE-2020-1625)
Product-Group=junos
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11004 for more information.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1344858 Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615)
Product-Group=junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information.
PR Number Synopsis Category: Issues related to control plane security
1470693 Junos OS: Multiple FreeBSD vulnerabilities fixed in Junos OS. (CVE-2018-6916, CVE-2018-6918)
Product-Group=junos
Multiple vulnerabilities have been resolved in Junos OS by updating third party software included with Junos OS or by fixing vulnerabilities found during internal testing. Refer to https://kb.juniper.net/JSA11016 for more information.
PR Number Synopsis Category: VMHOST platforms software
1398331 Junos OS: QFX10K Series, EX9200 Series, ACX Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE. (CVE-2020-1619)
Product-Group=junos
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. Refer to https://kb.juniper.net/JSA11002 for more information.
 
Modification History:
2020-06-15 First publication