Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It exists that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions before 14.1X53-D53 on EX4300; 15.1 versions before 15.1R7-S6 on EX4300; 15.1X49 versions before 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions before 16.1R7-S7 on EX4300; 17.1 versions before 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions before 17.2R3-S3 on EX4300; 17.3 versions before 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions before 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions before 18.1R3-S8 on EX4300; 18.2 versions before 18.2R3-S2 on EX4300; 18.3 versions before 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions before 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions before 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions before 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions before 19.3R1-S1, 19.3R2 on EX4300.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos 14.1x53 |
||
juniper junos 15.1 |
||
juniper junos 15.1x49 |
||
juniper junos 16.1 |
||
juniper junos 17.1 |
||
juniper junos 17.2 |
||
juniper junos 17.3 |
||
juniper junos 17.4 |
||
juniper junos 18.1 |
||
juniper junos 18.2 |
||
juniper junos 18.3 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
Vulmon