CVE-2021-0264

A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Una vulnerabilidad en el procesamiento del tráfico que coincide con un filtro de firewall que contiene una acción de syslog en Juniper Networks Junos OS en la Serie MX con tarjetas MPC10/MPC11 instaladas, dispositivos de la Serie PTX10003 y PTX10008, causará que la tarjeta de línea se bloquee y se reinicie, creando una Denegación de Servicio (DoS). La recepción y el procesamiento continuo de paquetes que coinciden con el filtro de firewall puede crear una condición sostenida de Denegación de Servicio (DoS). Cuando el tráfico llega al filtro de firewall, configurado en lo0 o cualquier interfaz física en la tarjeta de línea, que contiene un término con una acción de syslog (por ejemplo "term then syslog"), la tarjeta de línea afectada se bloqueará y reiniciará, lo que afectará el procesamiento del tráfico por medio de los puertos de la tarjeta de línea. Este problema solo afecta a los enrutadores de la serie MX con tarjetas de línea MPC10 o MPC11 y a los enrutadores de transporte de paquetes de las series PTX10003 o PTX10008. Este problema no afecta a otras plataformas o modelos de tarjetas de línea. Nota: Este problema también se ha identificado y descrito en el boletín de servicio técnico TSB17931 (es necesario iniciar sesión). Este problema afecta a: Juniper Networks Junos OS en la serie MX: versiones 19.3 anteriores a 19.3R3-S2; versiones 19.4 anteriores a 19.4R3-S2; 20.1 versiones anteriores a 20.1R3; versiones 20.2 anteriores a 20.2R2-S2, 20.2R3; versiones 20.3 anteriores a 20.3R3; versiones 20.4 anteriores a 20.4R2. Juniper Networks Junos OS Evolved en PTX10003, PTX10008: Todas las versiones anteriores a 20.4R2-EVO. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 19.3R1