Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

12.3R12-S20: Software Release Notification for JUNOS Software Version 12.3R12-S20

0

0

Article ID: TSB18249 TECHNICAL_BULLETINS Last Updated: 21 Dec 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
EX Series
Alert Description:
Junos Software Service Release version 12.3R12-S20 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Risk Risk Description
Low/Notification - No defined time impact to take action Software Release Notification
Impact Impact Description
Low/Notification - Monitor the situation but no action needed Software Release Notification

Solution:

Junos Software service Release version 12.3R12-S20 is now available.

12.3R12-S20 - List of Fixed issues
PR Number Synopsis Category: QFX L2 Protocols Control Plane related
1169252 The l2cpd process might crash with core dump when description of an interconnect interface on a LLDP neighbor is long greater than 32 chars
Product-Group=junos
When enable LLDP and interface description is long(greater that 32 chars) on remote switch, the l2cpd (Layer 2 Control Protocol process) might crash with core dump if performing SNMP MIB walk since LLDP code is running within l2cpd.
PR Number Synopsis Category: Security platform jweb support
1594516 Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. (CVE-2021-31372)
Product-Group=junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. Refer to https://kb.juniper.net/JSA11237 for more information.
PR Number Synopsis Category: VSRX platform software
1603199 Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks. (CVE-2021-31386)
Product-Group=junos
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. Refer to https://kb.juniper.net/JSA11254 for more information.
 
Modification History:
First publication 2021-12-21
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search