Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.3R2-S4: Software Release Notification for JUNOS Software Version 18.3R2-S4
| PR Number | Synopsis | Category: EX4300 Platform |
|---|---|---|
| 1502726 | On the EX4300 device, traffic loss might be seen with framing errors or runts if MACsec is configured. Product-Group=junos |
On EX4300 platform with Media Access Control Security (MACsec) configured, if there is high traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue. |
| PR Number | Synopsis | Category: EX2300/3400 platform |
| 1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to 100m speed interface. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1521763 | Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. Product-Group=junos |
On QFX10002-36q, when inline-jflow is configured, the IPv4 firewall filter with 'sample' action gives a waring "unsupported platform" and will not work. On the other hand, the IPv6 firewall filter with 'sample' action will still work as expected. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1474142 | Traffic might get affected if the composite next-hop is enabled. Product-Group=junos |
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop. |
| PR Number | Synopsis | Category: JUNOS kernel/ukernel changes for ACX |
| 1509402 | PFE crash might be seen and the FPC may remain down on ACX710 platform Product-Group=junos |
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up. |
| PR Number | Synopsis | Category: common or misc area for SRX product |
| 1490181 | SRX1500 and SRX4K devices might boot up with rescue configuration after a power outage occurs Product-Group=junos |
After a power outage occurs, SRX1500 and SRX4K devices might load rescue configuration in order to boot up successfully. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1481641 | Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) Product-Group=junos |
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. Please refer to https://kb.juniper.net/JSA11032 for more information. |
| 1497721 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
| PR Number | Synopsis | Category: OpenSSL and related subsystems |
| 1479780 | OpenSSL Security Advisory [20 Dec 2019] Product-Group=junos |
The OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on December 20, 2019. Refer to https://kb.juniper.net/JSA11025 for more information. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1427994 | The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed Product-Group=junos |
On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed. |
| PR Number | Synopsis | Category: Flow Module |
| 1465286 | SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647) Product-Group=junos |
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Refer to https://kb.juniper.net/JSA11034 for more information. |
| PR Number | Synopsis | Category: JSR Application Services |
| 1460035 | Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) Product-Group=junos |
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Refer to https://kb.juniper.net/JSA11031 for more information. |
| PR Number | Synopsis | Category: Security platform jweb support |
| 1499280 | Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1406691 | Some interfaces of aggregated Ethernet bundle might go to the Detached state after the bulk configurations change. Product-Group=junos |
On QFX5000 platforms with scaled setup of the aggregated Ethernet (ae) bundles and VLANs, if Link Aggregation Control Protocol (LACP) is enabled, and there are scaled configuration changes, for example, delete 4000 VLANS/VXLANs and reapply them again, some interfaces of ae bundle might go to the detached state. Due to this issue, the running routing protocols (for example, LACP and BGP) will go down over the affected ae bundles. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1517018 | The rpd might crash after upgrading Junos software release from pre 18.1 to 18.1 onwards Product-Group=junos |
On all Junos platforms, the rpd might continuously crash after upgrading Junos software release from pre 18.1 to 18.1 onwards while graceful-restart and RSVP/static LSP are configured. This is because there is a change in the data structure written to the restart db file from 18.1 onwards. So, when rpd comes up and tries to read the restart db file written by pre 18.1 release image, the rpd might crash. |
| PR Number | Synopsis | Category: DNS filtering on MX. |
| 1474056 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) Product-Group=junos |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. Refer to https://kb.juniper.net/JSA11028 for more information. |
| PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
| 1468183 | Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653) Product-Group=junos |
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). Refer to https://kb.juniper.net/JSA11040 for more information. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1505864 | The installation fails when upgrading from legacy Junos to specific BSDx based Junos Product-Group=junos |
The installation might fail when upgrading from legacy Junos (before Junos 15.1) to higher BSDx based Junos releases (Junos 15.1 and after). |
| 1518898 | The kernel might crash if a file/directory is accessed for the first time and is not created locally Product-Group=junos |
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1453811 | Delay in freeing processed defragment buffers lead to prolonged flow control and might crash. Product-Group=junos |
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information. |
| PR Number | Synopsis | Category: TRIO Interface based services |
| 1465490 | On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments. Product-Group=junos |
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, and GRE, the Packet Forwarding Engine is disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1474154 | Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) Product-Group=junos |
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by MAP-E, the Packet Forwarding Engine is disabled upon receipt of large packets requiring fragmentation. Refer to https://kb.juniper.net/JSA11041 for more information. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
|---|---|---|
| 1517262 | The flowd might crash in IPsec VPN scenario Product-Group=junos |
On SRX platforms with IPsec VPN configured, the flowd might crash during the IPsec VPN rekey window. The traffic/service might be impacted if hitting this issue. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1454095 | Changing the VLAN name associated with the access ports might prevent the MAC addresses from being learned under the EVPN-VXLAN scenario. Product-Group=junos |
On the QFX5k platform with EVPN-VXLAN configured, if the VLAN name associated with access ports is changed, then the virtual bridge domain may not be created. Due to this, the MAC addresses will not be learned. This issue will cause traffic loss. |
| 1475005 | The system might stop new MAC learning and impact the Layer 2 traffic forwarding. Product-Group=junos |
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search