18.4R2-S9: Software Release Notification for JUNOS Software Version 18.4R2-S9


Article ID: TSB18196 TECHNICAL_BULLETINS Last Updated: 28 Oct 2021 Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R2-S9 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Risk: Low/Notification
Risk Description: No defined time impact to take action notification
Impact: Low/Notification
Impact Description: Monitor the situation but no action needed

Solution:

Junos Software Service Release version 18.4R2-S9 is now available.

18.4R2-S9 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1597548 Broadcast traffic might be discarded when a firewall filter is applied to the loopback interface
Product-Group=junos
On EX4300 platforms, when a firewall filter for broadcast traffic with a discard-action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped.
PR Number Synopsis Category: Marvell based EX PFE L3
1462106 Error messages related to a soft reset of a port due to stuck queue buffers might be seen on an EX4600-EX4300 VC
Product-Group=junos
On an EX4600-EX4300 Virtual Chassis, error messages related to a soft reset of a port caused by stuck queue buffers might be seen.
PR Number Synopsis Category: EX2300/3400 PFE
1542530 Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames (CVE-2021-31365)
Product-Group=junos
An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of specific layer 2 frames to cause an Aggregated Ethernet (AE) interface to go down, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11227 for more information.
PR Number Synopsis Category: EX2300/3400 VC
1576774 A device running a different service image version might unexpectedly join a VC as a member
Product-Group=junos
A new Virtual Chassis (VC) member might unexpectedly join the VC even if the service image version on that member differs from the one running on the VC master. When this happens, the new VC member cannot forward packets. This issue affects EX platforms only.
PR Number Synopsis Category: EX-Series VC Infrastructure
1579430 EX4300 VCP might not come up after upgrade when QSFP+-40G-SR4/QSFP+-40G-LR4/QSFP+40GE-LX4 is used
Product-Group=junos
On EX4300 VC platform, the virtual-chassis ports might go down after the image upgrade. This issue is seen in a scenario when QSFP+-40G-SR4/QSFP+-40G-LR4/QSFP+40GE-LX4 is used as VCP. The issue is fixed in the following Junos releases: junos:18.4R3-S9 junos:19.1R3-S6 junos:19.4R3-S4 junos:20.2R3-S2 junos:20.3R3 junos:20.4R3 junos:21.1R2 junos:21.2R1 junos:21.2R2 junos:21.3R1
PR Number Synopsis Category: Qfx pfe ddos protection
1576488 Junos OS: QFX5000 Series and EX4600 Series: Control traffic might be dropped if a high rate of specific multicast traffic is received (CVE-2021-31370)
Product-Group=junos
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. Refer to https://kb.juniper.net/JSA11232 for more information.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1589765 The multi-hop BFD session may flap if the RSI (Request Support Information) collection command is executed
Product-Group=junos
On QFX10002 platforms, the multi-hop BFD session might flap if collecting RSI or some other outputs (such as show interface or configuration). It is caused by the missing BFD packets because the PPMAN thread is not scheduled within the BFD timers which are 300 milliseconds with a multiplier of 3.
PR Number Synopsis Category: Border Gateway Protocol
1463306 Junos OS: Receipt of a specific BGP update may cause RPKI policy-checks to be bypassed (CVE-2021-31375)
Product-Group=junos
An Improper Input Validation vulnerability in the routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) allows receipt of a specific BGP update to bypass RPKI policy checks. Refer to https://kb.juniper.net/JSA11240 for more information.
1487486 The rpd might crash with BGP RPKI enabled in a race condition.
Product-Group=junos
On all Junos platforms in a BGP RPKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and a large number of routes and ROAs (route origin authorizations) exist, in a very rare case a ROA might be withdrawn before it is replicated to the backup RE when ROA changes happen, which results in an rpd crash.
1507003 The rpd process might crash after executing "show route" command
Product-Group=junos
In L3VPN PE-CE link protection scenario with all platforms, the routing protocol process (rpd) may crash if user tries to display route details via "show route x.x.x.x" commands.
1581794 The rpd might crash in BGP and MPLS scenario
Product-Group=junos
In BGP and MPLS scenario, if a BGP route's forwarding next-hop has no IFA associated (e.g. dynamic tunnel forwarding next-hop etc), the rpd might crash if "ping mpls bgp" is used.
1587879 Wrong BGP next hop advertisement in Layer 3 VPN scenario
Product-Group=junos
On all platforms running Junos OS and Junos OS Evolved with BGP Layer 3 VPN enabled, when the local Provider Edge (PE) device establishes iBGP peer with remote PE via loopback address and eBGP peer with local customer edge (CE) device, if remote PE's loopback address happens to match the link subnet address of local PE-CE, the PE incorrectly advertises the VPN route with remote PE's loopback as the next hop. The next hop should be unchanged. This could cause traffic loss on local CE.
1592550 The traffic might get blackholed or forwarded through not-best path in BGP setup
Product-Group=junos
On all Junos and EVO platforms, the traffic might get blackholed or forwarded through not-best path when an iBGP route (that by default uses indirect nexthop) is forced to use 'discard' (or some other non-indirect) nexthop through policy by matching some specific BGP attribute (example, a specific community) and later when the iBGP route is updated (for example, remove the specific community) so that it transitions to use indirect nexthop.
PR Number Synopsis Category: BBE Remote Access Server
1576182 Junos OS: MX Series: In subscriber management / BBE configuration authd can crash if a subscriber with a specific username tries to login leading to a DoS (CVE-2021-31366)
Product-Group=junos
An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11228 for more information.
PR Number Synopsis Category: PD issues on BRCM platforms running EVO
1545455 The chip on FPC line card might crash when the system reboots.
Product-Group=junos
On the FPCs with Broadcom chip, if the jinsightD (health-mon) is not disabled ("set system processes health-mon disable"), the FPC might crash during the system booting. Traffic loss is seen during the FPC crash and restart.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1551760 The LCM Peer Absent message might be seen.
Product-Group=junosvae
On all TVP platforms, a major alarm of "LCM Peer Absent" might be seen.
PR Number Synopsis Category: PTX Chassis Manager
1602292 Junos OS: PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces (CVE-2021-31382)
Product-Group=junosvae
On PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the devices interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Refer to https://kb.juniper.net/JSA11250 for more information.
PR Number Synopsis Category: MX Platform SW - UI management
1460657 The chassisd might crash
Product-Group=junos
On Junos OS platforms with NG-RE architecture, if receiving invalid host packets (such as, zero byte size), chassisd crash might be seen. As chassisd restarts after the core and it causes the FPCs and SCBs/SIBs reinitialize, traffic impact might be seen.
PR Number Synopsis Category: L2NG Access Security feature
1568654 Junos OS and Junos OS Evolved: Local Privilege Escalation and Denial of Service
Product-Group=junos
A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. A second improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) was also discovered, allowing a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or additional Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11222 for more information.
PR Number Synopsis Category: QFX Control Plane VXLAN
1520688 The local PE does not remove VNI flood information even though it does not receive VXLAN message from remote PE
Product-Group=junos
On all Junos platforms, the local PE does not remove the VNI flood information when the remote PE deletes the VXLAN VLAN and all CE interfaces that belong to it.
PR Number Synopsis Category: Device Configuration Daemon
1530935 Backup Routing Engine or backup node may get stuck in bad status with improper backup-router configuration
Product-Group=junos
Redundant group 1+ may report Interface Monitor failure if backup router destination prefix is configured same as interface IP address.
PR Number Synopsis Category: Firewall Filter
1452435 Commit error and dfwd core file might be observed when you apply a firewall filter with the then traffic-class or then dscp action.
Product-Group=junos
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface.
1528403 Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (CVE-2021-0289)
Product-Group=junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. Please refer to https://kb.juniper.net/JSA11191 for more information.
1555724 The dfwd process might crash when implementing non-contiguous firewall filter
Product-Group=junos
On all Junos platforms with Trio based chips (except PTX and QFX), if implementing firewall filter with non-contiguous match terms, the dfwd process might crash, and dfw core and commit failure could be seen.
PR Number Synopsis Category: EVPN control plane issues
1577548 The mustd.core process generates core file during upgrading or while committing a configuration
Product-Group=junos
On MX Series platforms, if the "protocols evpn" is not configured at the global level but one or more routing instances are configured, the mustd process crash can be seen during upgrade or while committing a configuration.
PR Number Synopsis Category: EX Chassis chassism/chassisd
1556558 FPC with power related faults might get on-lined again once Fabric Healing has off-lined the FPC
Product-Group=junos
In rare cases of power-related failures on an FPC, Fabric Healing detects the fault and tries to heal it by taking the FPC offline and back online. If the same FPC fails again within a 10-minute period, the auto-healing attempt is considered failed and the FPC is taken offline to avoid further operational impact. If, during the offline event, the faulty FPC disconnects ungracefully because of the hardware power fault, the FPC might request to be brought online again after 5 minutes. There may be traffic impact due to this issue.
PR Number Synopsis Category: Express PFE FW Features
1589133 Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash (CVE-2021-31367)
Product-Group=junos
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Refer to https://kb.juniper.net/JSA11229 for more information.
PR Number Synopsis Category: Express PFE L2 fwding Features
1584197 Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated (CVE-2021-31361)
Product-Group=junos
An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11223 for more information.
PR Number Synopsis Category: Express PFE L3 Multicast
1539194 Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. (CVE-2021-0295)
Product-Group=junos
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. Refer to https://kb.juniper.net/JSA11208 for more information.
PR Number Synopsis Category: Express pfe Mclag
1594573 The existing ECMP route traffic may be dropped if configuring a static ECMP route with the same number of next-hops as the existing ECMP route
Product-Group=junos
If a static ECMP route is configured with the same number of next-hops as the existing ECMP route and each member's next-hop is reachable over the same IRB as the existing route, the existing ECMP route traffic might be dropped.
PR Number Synopsis Category: Express PFE MPLS Features
1508644 Traffic loss might be observed in a MPLS scenario
Product-Group=junos
On PTX Series platforms, when a route resolves over a composite next hop and its target next hop also resolves over another composite next hop, the order of labels pushed might not be correct.
PR Number Synopsis Category: Interface Information Display
1561065 The input errors counter command on the monitor interface command does not work
Product-Group=junos
The "Input errors" counter in the "monitor interface" CLI output does not work. After this fix, "Input errors" shows the sum of all input errors. This issue is common to ge-, xe- and et- interfaces.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1456785 Kernel crash might be seen when micro BFD configuration is applied to a LAG interface
Product-Group=junos
On all Junos platforms, when micro BFD (Bidirectional Forwarding Detection) configuration is applied to a LAG interface with many child links, in this scenario, kernel crash might be observed causing the device reboot.
1539537 The stats of aggregated Ethernet interfaces might show incorrect values if SNMP polling and "show interfaces ae#" (via CLI or NETCONF) run at the same time
Product-Group=junos
When running continuous sync ("show interfaces ae# extensive") and async (SNMP polling) queries on aggregated Ethernet interface in parallel, spikes in aggregated Ethernet interface framing errors counter might be observed between correct values.
1592456 Routing Engine kernel might crash if the IFL of an aggregated interface fails to be added in the Junos kernel
Product-Group=junos
In a rare case, the logical interface (IFL) of an aggregated interface (e.g., AE, RLT, RVT, AF, AMS, RLSQ interface etc.) might fail to be added to Junos kernel. In this case, the Routing Engine kernel might crash with vmcore file generated. The IFL of aggregated interface adding failure in Junos kernel could happen in cases like failure of multicast filter list initialization or DCD sending an invalid vlan-id or memory allocation error etc.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1565213 The new master RE post switchover might go into DB mode (or crash) on EX platforms
Product-Group=junos
On EX and EX-VC platforms, if post routing engine switchover, MAC address is configured to IRB interface (for ex: set interface irb.500 mac 00:11:22:33:44:55) on new master RE, then the new master RE might crash or go into DB mode.
1593539 IPv6 neighbor might remain unreachable in VRRP for IPv6 scenario
Product-Group=junos
In the scenario where VRRP for IPv6 is configured over IRB interface, the IPv6 neighbor might remain unreachable.
PR Number Synopsis Category: ISIS routing protocol
1538696 IS-IS adjacency might flap after committing configuration change on protocol MTU for IS-IS interface
Product-Group=junos
With IS-IS configured, committing a configuration change to the protocol MTU of an IS-IS interface triggers a sequence of events in Junos. The following specific sequence of events might cause the IS-IS hello PDU to convey an incorrect IP address in IS-IS TLV #132 (IP Interface Address), which results in IS-IS adjacency flapping. This is a timing issue.

The following sequence of events triggers this issue when the protocol MTU of an IS-IS interface is changed:
  1. The IP interface address is deleted.
  2. An IS-IS hello PDU is sent out.
  3. The MTU is changed to the new value.
  4. The IP interface address is added back.

When the IP interface address (IFA) is deleted because the protocol MTU (such as the inet MTU) is being changed, and an IS-IS hello PDU is sent out during this window, the current implementation encodes the router-id in IS-IS TLV #132 (IP Interface Address). In this special case the IS-IS hello PDU received by the IS-IS neighbor is marked as invalid because of the address mismatch, and the IS-IS adjacency goes down. With the fix for this PR, by default Junos does not encode the router-id in the IS-IS hello PDU when no IFA is present on the interface. A hidden knob is provided for backward compatibility; when it is configured, the router-id is encoded in the IS-IS hello PDU if no IFA is present on the interface.
1542932 ISIS route convergence from L1 to L2 might take more than 10 minutes
Product-Group=junos
By design in IS-IS, if a prefix is received from both L1 and L2, the L1 prefix has priority and is installed in the routing table. If the L1 prefix is withdrawn, route convergence occurs immediately and the L2 prefix is installed in the routing table within a very short time, so traffic destined to the prefix is not impacted. However, if this issue is hit, the route convergence from L1 to L2 might take more than 10 minutes; during this period the route for the prefix does not exist in the routing table and traffic destined to the prefix is lost completely.
PR Number Synopsis Category: jdhcpd daemon
1565540 The jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of the MAC address.
Product-Group=junos
Because an improper data type is assigned to the MAC address in the code, jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns an incorrect MAC address format.
PR Number Synopsis Category: Addresses ALG issues found in JSF
1577814 Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset (CVE-2021-31351)
Product-Group=junos
An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11216 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1540380 BPDUs are not sent out when the interface on anchor FPC is down
Product-Group=junos
On EX92 series platforms, BPDUs are not sent out when the interface on anchor FPC is down. It might cause the Layer2 loop and xSTP session flap.
1583092 The l2ald might crash if a specific naming format is used for a single VLAN alongside a vlan-range
Product-Group=junos
On all L2NG platforms (EX2300/EX3400/EX4300/EX4600/EX9200/QFX3500/QFX3600/QFX5100/QFX10000 etc.) with 'vlan-range' configured, if a single VLAN is defined with the name format [previously_defined_vlan_range_name]-vlan-[any_string_value], and an interface already assigned to the vlan-range is then assigned to that single VLAN, the Layer 2 address learning daemon (l2ald) might crash.
1589216 The l2cpd process might crash
Product-Group=junos
When an interface is not configured with 'loop-detect' and the command "clear loop-detect statistics interface NAME" is then issued for that interface, the l2cpd process might crash.
PR Number Synopsis Category: lacp protocol
1599029 Uneven traffic distribution might be observed between member links of LAG
Product-Group=junos
On PTX Series routers with LAG scenario where a prefix is advertised by two devices that are connected to the same upstream device, if the traffic with explicit null MPLS label from the upstream device to this prefix is shifted away from one of the devices by any means (like withdrawing the route advertising or disconnecting all its LAG links to the upstream device), the uneven traffic distribution might be seen on a few member links of the LAG on another device. This is due to an improper hash algorithm for LAG, which might cause performance degradation.
PR Number Synopsis Category: Label Distribution Protocol
1533238 The traffic loss might happen when the LSP convergence time is too long between the Juniper device and other vendors
Product-Group=junos
In a scenario where an LDP session is established between a Juniper device and another vendor's device, if the vendor carries only one message (Label Mapping) per LDP PDU, many PDUs have to be exchanged for the same service, so the LSP convergence time might be long and the LDP sessions between the peers might be unstable. In a rare case, if a large number of FECs (LDP forwarding equivalence classes, such as 5k) or a heavy route load (such as 5000k BGP routes) is exchanged via these peers, the LSP convergence time might be too long to recover, after which the LSP might flap and the related services might be impacted.
1582037 Sub-optimal routing issues might be seen in case LDP route with multiple next-hops
Product-Group=junos
In the case of an LDP route with multiple next hops, the weight of the last next hop in table mpls.0 is not set properly when the total number of LDP next hops is one more than a multiple of 8 (e.g., 9, 17). This might cause a backup route to become active as the primary path, which might result in a traffic loop.
PR Number Synopsis Category: Issues related to Junos licensing infrastructure
1519672 During an upgrade, system displays the following incorrect license warnings when utilizing licensable features even if the license is present on the device: requires 'idp-sig' license
Product-Group=junos
During an upgrade, system would display incorrect license warnings when utilizing licensable features such as 'warning: requires 'idp-sig' license' even if the license is present on the device. This issue is applicable to other Junos devices.
PR Number Synopsis Category: PTX1000 platform
1460406 PTX1000 and PTX10002 routers might silently drop or discard packets after transient SIB or FPC voltage alarms.
Product-Group=junosvae
On PTX1000 and PTX10002 platforms, if transient voltage fluctuations on a SIB or an FPC are seen, it might trigger the fabric healing process (FHP) and FPC/SIB restart. Later, the SIB might not restart but the FPC still goes online, so the device might experience silent dropping of packets, which affects the service.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1564323 "Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed
Product-Group=junos
"Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1551193 VM might crash if file is shared between host operating system and guest operating system using virtFS
Product-Group=junos
On Virtual Machines (VM) based platforms running Junos images, file might not be shared between host operating system and guest operating system via Virtual Filesystem (virtFS). When this issue happens, device might be restarted.
1563647 Memory corruption of any binary in /usr/bin/ or /usr/sbin/ may be triggered when a recovery snapshot is being copied to the OAM volume or system while it's in heavily stressed condition
Product-Group=junos
Memory corruption of a binary from /usr/bin/ or /usr/sbin/ directory can occur if such binary is invoked when a recovery snapshot creation is in progress. The exact symptoms will be different depending on the exact binary and JUNOS version - some programs will show an error, and some programs will crash every time it is executed. Such memory corruption will be persistent until the affected Routing Engine is restarted. Please refer to TSB17954 (https://kb.juniper.net/TSB17954) for further details. In addition to recovery snapshot, a device reboot could also be a possible trigger when the system is under heavier read operations across the mounted packages.
1602005 Upgrade might fail when upgrading from legacy release
Product-Group=junos
On all platforms (For SRX, only SRX5k with RE-1800x4) while directly upgrading from Junos with FreeBSD 6 (e.g. 15.1X49 or before) to the affected releases, the system will check the USB connection. The upgrading will fail if there is no USB device detected during the upgrading process.
PR Number Synopsis Category: "ifstate" infrastructure
1484322 The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector.
Product-Group=junos
The SNMP index for bundle interface might become zero in PFE after restarting the FPC. This could cause the sflow records to have either "input interface value" (IIF) or "output interface value" (OIF) as 0 value.
PR Number Synopsis Category: TCP/UDP transport layer
1557881 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
1595649 Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284)
Product-Group=junos
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to https://kb.juniper.net/JSA11200 for more information.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1584969 Traffic impact might be seen when tunnel-services bandwidth is configured
Product-Group=junos
On all Junos platforms, when the 'bandwidth' value is modified under the 'tunnel-services' knob, it might take a long time (approximately 35-40 minutes) to bring up IFD (physical interfaces) and result in a traffic impact, particularly multicast traffic.
PR Number Synopsis Category: Paradise pfe ddos protection feature
1578579 TACACS traffic might be dropped
Product-Group=junos
On PTX Series routers and QFX Series switches, the traffic from TACACS port 49 might not be classified into a proper DDoS queue. When the issue happens, it might cause the unclassified traffic to get dropped when the CPU utilization is very high.
PR Number Synopsis Category: Periodic Packet Management Daemon
1561850 The ppmd memory leak may cause traffic loss
Product-Group=junos
On all platforms, a ppmd memory leak followed by a ppmd crash might happen, which may cause traffic loss, if the dfwd process flaps (the process may have a different name on Junos OS Evolved; "restart firewall" also triggers the flap). This is because the old memory allocated for dfwd is not freed, and new memory is then allocated by ppmd during the flap.
PR Number Synopsis Category: PTP related issues.
1479027 Syslog messages related to the Precision Time Counter (PTC) process
Product-Group=junos
Syslog messages related to the Precision Time Counter (PTC) can be seen on a very few devices. The issue happens if the reboot sequence is such that the initialization of the PTC counters fails, leaving continuous periodic PTC errors. The fix enables the PTC to initialize correctly with a few init retries.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1555852 In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed.
Product-Group=junosvae
In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed.
1598019 Dropping socket connection due to keepalive timer expiration with port 33015
Product-Group=junosvae
Although dot1x is disabled on the platform, the l2ald process still tries to connect to the dot1x process, so syslog messages are seen continuously.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1449897 The em0 route might be rejected after the em0 interface is disabled and then enabled
Product-Group=junos
On QFX platforms with "em0" interface used, the "em0" route will be rejected after the following operation, disable both the "em0" interface on the QFX and the remote-end interface, reboot the QFX, enable the "em0" first then enable the remote-end interface after the bootup. The "em0" interface won't be accessible after the issue happens. The issue impacts the management of the QFX.
1475081 100G-SR4 port is converted into two channelized ports without any channelization configuration
Product-Group=junos
On QFX platforms, if auto-speed is enabled on the 100G-SR4 port, the port is converted into two channelized ports without any channelization configuration.
PR Number Synopsis Category: QFX access control list
1583440 Firewall filter not programmed after deleting a large filter and adding a new one in a single commit on QFX5K platforms
Product-Group=junos
On QFX5k platforms, if a large filter that is applied to one or more interfaces is deleted and another large filter is applied in a single commit, both filters need to exist at the same time in Ternary Content-Addressable Memory (TCAM) for a brief period. If the size of both filters combined is bigger than the available TCAM space, the second filter will not be programmed in hardware, and functionality expected from the filters will not be available. This is a hardware limitation and this software fix only adds additional syslogs to indicate that the firewall is not programmed.
1606256 Multicast streams may stop flooding in VXLAN setup
Product-Group=junos
In a VXLAN scenario that uses multicast, multicast traffic might not be flooded if the multicast IP address falls in the range 224.0.0.32 - 224.0.0.255. This is because a newly introduced dynamic filter works only for non-VxLAN traffic.
PR Number Synopsis Category: QFX L2 PFE
1484336 The dcpfe might crash on platforms with auto-channelization enabled
Product-Group=junos
On QFX Series and EX Series switches with auto-channelization support, an optic speed mismatch on a connection might cause the auto-channelization to enter an infinite loop trying to match a proper speed. In this case, due to memory leaks, the resources get exhausted, resulting in a system crash. Traffic is disrupted when dcpfe restarts.
1535555 PFE error message may be observed on QFX5k devices
Product-Group=junos
On QFX5110 or QFX5120 platforms, when Type 5 tunnels are destroyed, error messages such as "brcm_virtual_tunnel_port_create() ,489:Failed NW vxlan port token(45) hw-id(7026) status(Entry not found)" might sometimes be seen. There is no functional impact from this.
1580352 DHCP packets might be dropped if dynamic filter 'dyn-dhcpv4_v6_trap' is applied on the interface
Product-Group=junos
DHCP packets might be dropped when dynamic filter 'dyn-dhcpv4_v6_trap' is applied and software-based learning CLI is enabled on the interface.
1600892 Two copies of broadcast ARP packets are sent to the other VTEPs
Product-Group=junos
On EX2300/3400/4300/46XX and QFX5000 Series platforms in EVPN/VXLAN scenario, the L2 Leaf devices might send two copies of broadcast ARP packets to other VTEPs.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1408086 The ECMP load balancing might not work when the "ecmp-resilient-hash" knob was enabled
Product-Group=junos
On the QFX5200/QFX5210 with the ECMP configured, if the "ecmp-resilient-hash" knob is enabled, the load balancing may not work.
1561722 Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces. (CVE-2021-31371)
Product-Group=junos
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress a QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11236 for more information.
1588704 The dcpfe might crash on QFX5k devices
Product-Group=junos
On QFX5000 line of switches, the Flexible PIC Concentrator (FPC) or dcpfe process might go into a very uncommon state when multiple Broadcom Counter (bcmCNTR) threads are running or spawned in FPC. This state causes the dcpfe process to crash or the FPC to reboot. The purpose of bcmCNTR is to poll statistics from hardware.
1594030 Packet drop might occur in ECMP next-hop flap scenario
Product-Group=junos
On all Broadcom-based platforms, ECMP next hop flaps or MTU size changes may result in the route pointing to 100004 on the Packet Forwarding Engine level. When this issue happens, any packet/traffic hitting this route might get dropped silently.
PR Number Synopsis Category: QFX EVPN / VxLAN
1554389 Wrong ARP reply might be sent via AE interface on QFX5000 series platforms
Product-Group=junos
Wrong Address Resolution Protocol (ARP) reply might be sent by QFX5000 series platforms when the ARP request packet is received via an Aggregated Ethernet (AE) interface. This issue affects QFX5000 series platforms running Junos image only. Please refer to workaround to avoid this issue.
1582017 The traffic may not be load-balanced properly in an EVPN overlay-ecmp setup
Product-Group=junos
On QFX5110 device with overlay-ecmp configuration for EVPN-VxLAN, the traffic might not get load-balanced correctly when multi-traffic streams with different source addresses are sent across the fabric.
1589702 LLDP packets drop on SP style interface for QFX devices
Product-Group=junos
On QFX platforms with VxLAN ports configured in SP style, LLDP neighborship may not be formed due to wrong IFL allocation in the hostpath. This can cause LLDP packet drops.
PR Number Synopsis Category: QFX5100 Interface related issues
1555741 The Virtual Chassis Port (VCP) might not come up after upgrading to 18.4R2-S4 or later releases on EX4600 or QFX5100 platform
Product-Group=junos
In an EX4600 or QFX5100 Virtual Chassis (VC) scenario, if a QSFP+-40G-LR4/LX4/BXSR optic is used as the Virtual Chassis Port (VCP), the port might occasionally hit an optical signal strength issue after upgrading to 18.4R2-S4 or later releases. The VCP might then be brought down randomly by the physical port driver and not come up again. VC or Virtual Chassis Fabric (VCF) functionality might be impacted.
PR Number Synopsis Category: RPD Interfaces related issues
1594981 The label field for the EVPN Type 1 route is set to 1
Product-Group=junos
In the EVPN/VXLAN scenario, the label field of the Type-1 route is not required, but it is set to 1 instead of 0, which conflicts with RFC 7432.
PR Number Synopsis Category: KRT Queue issues within RPD
1582226 The rpd process may be stuck at 100% CPU due to a race condition
Product-Group=junos
The rpd process may get stuck at 100% CPU due to a race condition. There is a defect in the code that processes route entries between the Routing Engine and the FPC: two internal threads operate incorrectly under a race condition, resulting in a tight loop and high rpd CPU usage.
1588439 The rpd crash might be observed on the router running a scaled setup
Product-Group=junos
On all Junos platforms, in a rare scenario with a scaled routing setup, the kernel memory might get full, which could lead to an rpd crash. There is service impact, and the process recovers automatically after the crash. When rpd crashes, the core files (or dump files) can be seen by executing the CLI command "show system core-dumps":
user@hostname> show system core-dumps
-rw-rw- - - - 1 root field /var/tmp/rpd.core<*>.gz
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1589309 The process rpd may crash with dynamic tunnel configuration
Product-Group=junos
If a route with low mask (e.g., 1.1.1.0/24) is used as the forwarding route for multiple dynamic tunnels first, and some more specific routes (e.g., 1.1.1.1/32, 1.1.1.2/32) are learnt later, during the stage of updating them as the new forwarding routes for those dynamic tunnels respectively, the process rpd may crash.
1595165 Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update (CVE-2021-31353)
Product-Group=junos
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11218 for more information.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1565425 The KRT log file might continue to grow after removing the KRT log configuration
Product-Group=junos
If kernel routing table (KRT) trace logs are configured and later removed, they will remain active and KRT logs will still be written to the configured files.
PR Number Synopsis Category: jflow/monitoring services
1517646 The srrd process might crash in a high route churns scenario or if the process flaps.
Product-Group=junos
On all Junos OS platforms with inline Jflow enabled, the sampled route reflector process (srrd) might crash when there is high route churn in the system or the process flaps. This is a rare timing issue; because of the crash, the Jflow export might report stale route information for some time.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1527251 SNMP might not work when IS-IS is disabled under VRF instance
Product-Group=junos
On all Junos platforms, SNMP polling might not work if the IS-IS protocol is disabled under the same virtual routing and forwarding (VRF) instance through which SNMP requests are sent.
1557384 The mib2d process crashes and generates a core dump on backup RE
Product-Group=junos
The mib2d process might crash on the backup RE and generate core dumps. There is no major impact from this issue.
PR Number Synopsis Category: Stout cards (MPC7, MPC8, MPC9) microkernel issues
1513295 The specific type of line cards might crash after detaching or attaching the IFD
Product-Group=junos
When an IFD is detached or attached, the IFD information on the driver invoked by the PFE might be missing or incorrect. The IFD might then not be detached or attached back to the system, the PFE might crash, and the attached line cards might crash as well.
PR Number Synopsis Category: Trio pfe stateless firewall software
1586817 FPC might crash in a scaled firewall configuration
Product-Group=junos
On MX Series routers, PTX Series routers, and QFX Series switches running Junos OS, traffic loss might be observed in a scaled firewall filter configuration due to an FPC crash. When the issue occurs, a core file is generated, which can be checked using the CLI command 'show system core-dumps':
host@device> show system core-dumps
-rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1521222 ARP packets might be flooded continuously between DF and non-DF nodes in EVPN-MPLS multihoming scenario.
Product-Group=junos
In the EVPN-MPLS multihoming scenario, the ARP/NS-NA packets coming from the core-facing interface might get snooped and reinjected by l2alm causing flooding between DF (Designated Forwarder) and non-DF nodes. This issue may cause high CPU utilization in the FPC along with a storm.
1553917 ARP resolution might fail if ARP packets are received over multicast based VxLAN access network from CE
Product-Group=junos
On Trio based platform which acts as Provider Edge (PE) node for Ethernet VPN (EVPN) Virtual Extensible LAN (VxLAN), if Address Resolution Protocol (ARP) request packets are received over multicast based VxLAN network from the Customer Edge (CE) node, the ARP protocol data units (PDUs) might hit the implicit ARP snoop filter default term instead of the match term, and might not get snooped due to this issue. It will lead to ARP resolution failure and service impact.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1569047 Traffic loss might be observed when SCU accounting is configured and logical-systems is enabled
Product-Group=junos
On all Junos platforms with logical-systems enabled, when a source class usage (SCU) policy is configured on the main system but not on the logical-system, and the logical-system comes up, the associated destination route in the SCU policy might not be installed. As a result, traffic destined to or passing through this IP address might get dropped. The example configuration for SCU accounting is below:
set interfaces x/x/x unit 0 family inet accounting source-class-usage input
set interfaces x/x/x unit 0 family inet accounting source-class-usage output
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1445917 Python op scripts are executed as user nobody if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device.
Product-Group=junos
When executed from the Junos CLI, a Python op script is started as a separate process running as the same user who started the script. However, when the Python op script is started from a NETCONF session, the script is started as a process running as user "nobody". If the script uses a PyEZ session to connect to the device and execute RPC commands, PyEZ returns the following error: ConnectError(host: None, msg: user "nobody" does not have access privileges.). This is fixed by executing the Python op script as the same user as the NETCONF session that invoked it, so that the behavior from CLI and NETCONF sessions is the same.
1553116 Junos OS and Junos OS Evolved: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext (CVE-2020-25659)
Product-Group=junos
A vulnerability in the python cryptographic library as used in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to perform timing oracle attacks against RSA decryption. Refer to https://kb.juniper.net/JSA11245 for more information.
1562153 Junos OS: Multiple vulnerabilities in cURL resolved
Product-Group=junos
Multiple vulnerabilities have been resolved in Juniper Networks Junos OS by updating cURL third party software. Please refer to https://kb.juniper.net/JSA11207 for more information.
PR Number Synopsis Category: Configuration management, ffp, load action
1592032 The apply-path configuration does not expand for the configuration under groups
Product-Group=junos
When groups are referenced in an apply-path expression (for example, 'apply-path "groups <*> interfaces <*> unit <*> family inet address <*>"'), the configuration does not expand and the expected feature programming from apply-path does not occur.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1555685 The chassisd core dump might be observed if PIC number 2 or 3 is used on MX204
Product-Group=junos
On MX204, if PIC number 2 or 3 is used for an interface under groups, the chassisd process might crash.
PR Number Synopsis Category: Issues related to XML, JSON handling
1518633 "show | display json" has invalid json format
Product-Group=junos
"show | display json" produces invalid JSON format. Below are two instances that may not work:
1. Automation scripts consuming the JSON output may behave unexpectedly.
2. Saving the configuration in JSON output format and then loading it via "load override/merge ..." may give unexpected behavior.
This is not an exhaustive list of scenarios that may not work.
PR Number Synopsis Category: VMHOST platforms software
1547669 WR Linux 6 platforms and WR Linux 9 platforms might be stuck after upgrading or downgrading image version and restarting the device
Product-Group=junos
On Wind River Linux 6 (WR Linux 6) platforms and WR Linux 9 platforms using a VMHOST-based Routing Engine (RE), the device might get stuck after the image is upgraded or downgraded and the device is reloaded. There is service impact if this issue happens.
PR Number Synopsis Category: PTX10016 platform software
1554430 The link on the Linux based LC is not brought down immediately after the FPC process(ukern/indus.elf) crashes or the process is killed
Product-Group=junos
On Linux based line card, such as MPC7/8/9, MX204 and MX10003, the link on such FPC is not brought down immediately after the FPC process(ukern/indus.elf) crashes or the process is killed, which causes a much longer traffic loss on the peer end.
 

18.4R2-S9 - List of Known issues

PR Number Synopsis Category: Marvell based EX PFE ACL
1611480 The fxpc process might crash and generate core
Product-Group=junos
On EX4600/QFX5K platforms, the fxpc process might crash and generate core when router-advertisement-guard is configured under DHCP (Dynamic Host Configuration Protocol) forwarding-options.
PR Number Synopsis Category: QFX PFE L2
1367488 Adding one more subinterface Logical interface to an existing interface causes 20-50 milliseconds traffic drop on the existing logical interface.
Product-Group=junos
When access-side interfaces are used as SP-style interfaces and a new logical interface is added to a physical interface that already has a logical interface, there is a 20-50 ms traffic drop on the existing logical interface.
PR Number Synopsis Category: "agentd" software daemon
1425477 Telemetry sensor installation might fail if there are similar sensor resource strings
Product-Group=junos
When subscribing to the same telemetry sensor, where the sensor resource strings only differ in whether or not there is a trailing slash character, sensor installation might fail.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1572577 The BFD session of DHCP subscriber does not come up on the MPC2E card and gets stuck in the "Down" state
Product-Group=junos
On all Junos platforms with MPC2E line cards, when DHCP client is configured with BFD, the BFD session of DHCP subscriber may not come up and gets stuck in the "Down" state.
PR Number Synopsis Category: BGP Openconfig and Sensor
1505425 The rpd process might crash in case of a network churn when the telemetry streaming is in progress
Product-Group=junos
On all Junos OS platforms with the Juniper Telemetry Interface configured, rpd might crash when telemetry streaming is in progress and a network churn occurs at the same time. This is a timing issue, and rpd recovers automatically.
PR Number Synopsis Category: MPC5/6E PFE ISSU software
1542882 The JNH memory leak could be observed on MPCs or MICs
Product-Group=junos
On all Junos platforms with Trio-based line cards, a Junos next-hop (JNH) memory leak might be observed. This issue is due to the counters applications under firewall filters taking the additional memory space from the shared JNH pool. In an extreme scenario, this could also lead to FPC crash.
PR Number Synopsis Category: PTX Chassis Manager
1517804 Junos OS: PTX1000 System: After upgrading, configured firewall filters may be applied on incorrect interfaces (CVE-2021-31382)
Product-Group=junos
On PTX1000 systems, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and the firewall process (dfwd) of Juniper Networks Junos OS may update the device's interfaces with incorrect firewall filters. This issue occurs only when upgrading the device to an affected version of Junos OS. Refer to https://kb.juniper.net/JSA11250 for more information.
PR Number Synopsis Category: Firewall Filter
1514141 The system-generated name of the resulting concatenated filter from firewall filter list is same for different families
Product-Group=junos
The system-generated name of the concatenated filter from the firewall filter list is the same for different families. This will not cause any issue on CLI. However, if the firewall filter telemetry data is streamed via Junos Telemetry Interface (JTI), it might cause confusion on collector side because the firewall filter list for different families will be treated as one filter. In particular, if firewall filters having same firewall filter counter (or policer) name are used in firewall filter list for different families, the incorrect statistics might be seen on collector because the firewall filter counter (or policer) name for different families cannot be distinguished on collector side.
PR Number Synopsis Category: Control Plane for Node Virtualization
1472313 Chassis alarm on BSYS: RE0 to one or many FPCs is shown in em1: backup Routing Engine.
Product-Group=junos
In Junos Node Slicing environment, if a GNF RE mastership is not aligned with BSYS RE mastership (for example, BSYS master RE is on RE0 but GNF master RE is on RE1), a major chassis alarm would be reported on BSYS: "RE0 to one or many FPCs is via em1: Backup RE."
PR Number Synopsis Category: EA chip ( MQSS SW issues )
1503705 Traffic blackhole due to not disable-pfe in case of FO/WO checksum errors
Product-Group=junos
On MX platforms with MPC7/8/9/10/11, MX204/10K, EX92 or SRX5k with IOC4, in case of FO/WO errors, CMERRORs should be invoked and Major Alarms should trigger the disable-pfe action. However, this does not happen. The following fixes have been made:
1. If WO/FO packet errors are seen in three consecutive periodic polls and the error packet count exceeds the threshold, raise a MAJOR CMERROR. Otherwise, display a syslog message.
2. Add VTY commands to display the WO/FO packet error interrupts.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1591264 Traffic loss might be seen under EVPN-VxLAN scenario when MAC-IP moves from one CE interface to another
Product-Group=junos
On all Junos/Junos Evolved platforms in an EVPN-VxLAN scenario, the number of MAC-IP binding counters may reach the limit when a MAC-IP is moved between interfaces. Because MAC-IP counters are not decremented when an entry is deleted due to this defect, repeated moves cause the limit (default value 1024) to be reached even though there are fewer entries. Meanwhile, traffic loss could be seen.
PR Number Synopsis Category: Express PFE FW Features
1420560 The firewall counter for lo0 interface might not increase
Product-Group=junos
The firewall counter for lo0 does not increase on PTX if lo0 filter family any is configured.
1432116 The FPC might crash when a firewall filter is modified.
Product-Group=junos
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
1488310 QFX10K: Unable to set DSCP on an IRB firewall filter
Product-Group=junos
On QFX10K platforms, if a family inet firewall filter includes the action "then dscp", attaching the filter to an IRB interface fails with the following error message (example): Referenced filter 'test-in' cannot be used as "then dscp" not supported on irb. Filter will not be applied.
PR Number Synopsis Category: Interface Information Display
1574035 if-media-type missing from interface XML output on MX Series routers
Product-Group=junos
Extensible Markup Language (XML) is a standard for representing and communicating information. The Junos OS CLI and the Junos OS infrastructure communicate using XML. The operational command "show interface | display xml" displays the interface parameters in XML format. This output includes the media type if-media-type along with other parameters for platforms such as QFX Series switches. However, for MX Series routers, the if-media-type parameter has never been displayed in the output. With the fix of this PR, the XML output for MX Series routers displays the if-media-type parameter for 1Gb interfaces only.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long.
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
1556575 Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS (CVE-2021-31362)
Product-Group=junos
A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11224 for more information.
PR Number Synopsis Category: Security platform jweb support
1449280 Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal (CVE-2021-31355)
Product-Group=junos
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. Refer to https://kb.juniper.net/JSA11220 for more information.
1460162 Junos OS:SRX Series: Persistent XSS vulnerability in J-Web (CVE-2021-31373)
Product-Group=junos
A persistent Cross-Site Scripting (XSS) vulnerability exists in J-Web of Juniper Networks Junos OS on SRX Series (CVE-2021-31373). Refer to https://kb.juniper.net/JSA11238 for more information.
1511853 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-0278)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. Please refer to https://kb.juniper.net/JSA11182 for more information.
1591145 Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root (CVE-2021-31385)
Product-Group=junos
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. Please refer to https://kb.juniper.net/JSA11253 for more information.
1594516 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-31372)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device.
PR Number Synopsis Category: Platform infra to support jvision
1575122 Telemetry is sending wrong value for interface last change
Product-Group=junos
Telemetry sends the wrong value for the interface last change, which does not match the timestamp seen on the device.
PR Number Synopsis Category: lldp sw on MX platform
1569312 Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd (CVE-2021-0277)
Product-Group=junos
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Please refer to https://kb.juniper.net/JSA11181 for more information.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1555852 In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed.
Product-Group=junos
In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed.
1574779 Traffic loss might be observed due to faulty FPC on QFX10008/QFX10016 platform
Product-Group=junos
On QFX10008/QFX10016 platforms, if a faulty FPC (FPC with hardware problem) is present then traffic loss might be observed.
PR Number Synopsis Category: QFX L2 PFE
1560086 On the QFX5200 line of switches, the pseudorandom binary sequence (PRBS) test fails for 100GbE interfaces with the default settings.
Product-Group=junos
On the QFX5200 line of switches, the pseudorandom binary sequence (PRBS) test fails for 100GbE interfaces with the default settings.
1581045 Some transit traffic (OSPF & LLDP) over l2circuit will be honoured by the QFX5K when l2circuit goes down & may cause DDoS violation for these protocols
Product-Group=junos
In the Layer 2 circuit or circuit cross-connect scenario, the port/IFD stays in the UP state when the L2 circuit is brought down remotely or locally. When the Layer 2 circuit is down or not operational and OSPF hello and LLDP packets are received on the access CE-facing interface, they may get punted to the CPU. Reason: Layer 2 only brings down the access CE-facing logical interface (IFL), which is used to perform the cross-connect in the configuration.
PR Number Synopsis Category: QFX MPLS PFE
1589840 The MPLS traffic might not be forwarded after the aggregate interface flap on EX4350/EX4650/QFX5120
Product-Group=junosvae
On the EX4350/EX4650/QFX5120 platform with MPLS, the traffic might not be forwarded after the aggregate interface flap.
PR Number Synopsis Category: QFX EVPN / VxLAN
1550020 The traffic will not be load balanced properly in EVPN overlay-ecmp setup
Product-Group=junos
On QFX platforms with overlay-ecmp configuration for EVPN-VXLAN, the traffic might not get load balanced correctly when multi-traffic streams with different source addresses are sent across the overlay tunnels.
1565624 The mac address will point to incorrect interface after traffic is stopped and not aging out
Product-Group=junos
On QFX5k platforms in an EVPN-VXLAN scenario, when a MAC moves from a VTEP to a local interface, the MAC address is not aged out after traffic with the same source MAC is stopped: the IRB MAC from the EVPN/VXLAN core device temporarily appears behind the local ESI-LAG interface, and the local MAC table entry does not expire. The MAC address then points to an incorrect interface after traffic is stopped and is not aged out.
PR Number Synopsis Category: QFX5100 Virtual Chassis
1619997 Disabled VCP (Virtual chassis port) will be UP after the optic on it is reseated.
Product-Group=junos
A VCP disabled with "request virtual-chassis vc-port set interface vcp-xx/xx/xx disable member XX" comes UP after the optic on it is reseated. The port should remain disabled. After it comes UP and a master switchover is then performed, the port is disabled again.
PR Number Synopsis Category: KRT Queue issues within RPD
1498087 Traffic loss might be seen if the routing-instance is deactivated and then re-activated quickly
Product-Group=junos
In a routing-instance with table next-hop scenario (for example, when an EVPN routing-instance is configured, the l2ald process creates a routing table and EVPN adds a route pointing to this table as a table next-hop in the rpd process), if the routing table created within the routing-instance is deleted and then re-added (for example, the routing-instance is deactivated and then re-activated) so quickly that rpd cannot first delete the route pointing to the table next-hop, the route in rpd ends up using the stale table next-hop, resulting in traffic loss. A sampling configuration, which delays route deletion in rpd, increases the possibility of hitting the issue.
PR Number Synopsis Category: RPD policy options
1596436 BGP import policy is not applied to all the routes when CCNH inet6 is enabled
Product-Group=junos
BGP import policy might not be applied to all routes when CCNH inet6 is configured.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1582030 Junos OS: MX Series: Traffic drops will be observed if MS-MPC/MS-PIC resources are consumed by certain traffic causing a partial DoS (CVE-2021-31369)
Product-Group=junos
On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of specific traffic is processed by that service-set, drops will be observed for some of the other traffic that has services applied and is processed by the same MS-MPC/MS-MIC. Please refer to https://kb.juniper.net/JSA11231 for more information.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1426120 On MX204 or MX10003, MPC reboot or Routing Engine mastership switchover might occur.
Product-Group=junos
On MX204 and MX10003 platforms, if a high rate of fragmented traffic is received on the em3 interface, an em3 watchdog timeout might occur, which can cause an MPC reboot or an RE mastership switchover.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1604622 File download using "request system download" might fail
Product-Group=junos
On EX4400 devices, files scheduled for download with the CLI command "request system download" might fail with an error. As a workaround, the files can be downloaded with normal ftp/scp commands on the device.
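Because the workaround bypasses the built-in downloader, verify the copied image's SHA-256 against the value published on the Juniper download page before installing it. The following POSIX shell script is an added example and not Juniper's code; it assumes the host has sha256sum, the BSD sha256 tool or openssl, and that the scp source, local destination and expected digest are placeholders supplied by the operator. The demo file and its digest are constructed (the well-known SHA-256 of the string "abc"), not a real Junos image.

```shell
#!/bin/sh
# Added example (not Juniper's code): verify an image copied with scp/ftp
# against the SHA-256 published on the Juniper download page before it is
# installed with "request system software add".
# Assumptions: the host has sha256sum, the BSD sha256 tool or openssl;
# the scp source, destination and expected digest are operator-supplied
# placeholders.

# Print the hex SHA-256 of file $1 using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                        # FreeBSD-style tool
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# Compare the digest of $1 with the expected hex digest $2 (case-insensitive).
# Exit 0 on match, 1 on mismatch; the verdict goes to stdout.
verify_image() {
    actual="$(sha256_of "$1" | tr 'A-F' 'a-f')"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches the expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $1 (expected $expected, got $actual)"
    return 1
}

# Copy $1 (user@host:/path/image.tgz) to local path $2 and verify it against $3.
# A file that fails verification is removed so it cannot be installed later.
fetch_and_verify() {
    scp "$1" "$2" || return 1
    if ! verify_image "$2" "$3"; then
        rm -f "$2"
        return 1
    fi
}

# Constructed dry run: the string "abc" has a well-known SHA-256.
DEMO_FILE="$(mktemp)"
printf 'abc' > "$DEMO_FILE"
DEMO_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
verify_image "$DEMO_FILE" "$DEMO_SHA256"
rm -f "$DEMO_FILE"
```

On the device itself the Junos CLI command `file checksum sha256 <path>` can stand in for the shell tools; the point is the same: compare against the digest from the download site, not against a value that travelled with the file.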
PR Number Synopsis Category: Virtual Private Networks - rpd
1567918 The rpd might crash during a race condition under BGP multipath scenario
Product-Group=junos
On all Junos and Junos Evolved platforms in a BGP multipath scenario, rpd might crash due to a race condition. When a BGP peer restarts while the interface is down, the next-hop type is marked "UNUSABLE"; rpd crashes when such a multipath next hop ("UNUSABLE") for a prefix has more than one path.
PR Number Synopsis Category: VSRX platform software
1603199 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks. (CVE-2021-31386)
Product-Group=junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. Refer to https://kb.juniper.net/JSA11254 for more information.
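Both CVE fixes in this bulletin hinge on a configuration precondition: a CoS rule attached to a service-set on an MS-MPC/MS-MIC (CVE-2021-31369) and J-Web served over plain HTTP (CVE-2021-31386). The following POSIX shell script is an added example, not Juniper's code, for auditing a configuration saved in set format (the output of `show configuration | display set`) for those two preconditions before or instead of upgrading. It assumes the knob names `cos-rules`/`cos-rule-sets` under `services service-set` and `system services web-management http`/`https`; the sample configuration it writes is constructed, not from a real device, and the mitigation it prints (removing plain HTTP once HTTPS is in place) is general hardening, with JSA11231 and JSA11254 as the authoritative sources.

```shell
#!/bin/sh
# Added example (not Juniper's code): audit a Junos configuration saved in
# "set" format for the two preconditions named in this bulletin.
# Assumptions: standard "set ..." lines; CoS attachment to a service-set is
# "cos-rules"/"cos-rule-sets"; plain-HTTP J-Web is "web-management http".

# Print, one per line, the service-sets that have CoS rules attached
# (the precondition for CVE-2021-31369 on MS-MPC/MS-MIC).
service_sets_with_cos() {
    grep -E '^set services service-set [^ ]+ cos-rule(-set)?s ' "$1" \
        | awk '{ print $4 }' | sort -u
}

# Exit 0 if J-Web is served over plain HTTP (the precondition for
# CVE-2021-31386); the "( |$)" keeps "http" from matching "https".
jweb_http_enabled() {
    grep -Eq '^set system services web-management http( |$)' "$1"
}

# Exit 0 if J-Web HTTPS is configured, so plain HTTP can be removed
# without losing management access.
jweb_https_enabled() {
    grep -Eq '^set system services web-management https( |$)' "$1"
}

# Print findings for config file $1. Exit 0 if neither precondition is
# present, 1 otherwise.
audit_config() {
    rc=0
    sets="$(service_sets_with_cos "$1")"
    if [ -n "$sets" ]; then
        echo "CVE-2021-31369: CoS rules attached to service-set(s): $(printf '%s' "$sets" | tr '\n' ' ')"
        rc=1
    fi
    if jweb_http_enabled "$1"; then
        echo "CVE-2021-31386: J-Web plain HTTP is enabled"
        if jweb_https_enabled "$1"; then
            echo "  HTTPS is configured; assumed mitigation: delete system services web-management http"
        else
            echo "  HTTPS is not configured; enable it before removing HTTP"
        fi
        rc=1
    fi
    return $rc
}

# Write a constructed sample configuration (not from a real device) to $1.
write_sample_config() {
    cat > "$1" <<'EOF'
set system services web-management http
set system services web-management https system-generated-certificate
set services service-set ss-nat nat-rules snat-1
set services service-set ss-nat interface-service service-interface ms-2/0/0
set services service-set ss-fw cos-rules cos-1
set services service-set ss-fw stateful-firewall-rules sfw-1
set services service-set ss-fw interface-service service-interface ms-2/0/0
EOF
}

# Dry run on the constructed sample: flags ss-fw and the plain-HTTP J-Web.
SAMPLE_CONFIG="$(mktemp)"
write_sample_config "$SAMPLE_CONFIG"
audit_config "$SAMPLE_CONFIG" || true
rm -f "$SAMPLE_CONFIG"
```

A clean result from this audit does not replace the fixed release; it only tells you whether the preconditions the advisories describe are present on a given device so that exposed devices can be prioritised. A self-signed `system-generated-certificate` for HTTPS, as in the sample, still leaves clients unable to authenticate the device; a certificate from your own PKI is the stronger choice.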
Modification History:
First publication 2021-10-28