An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. An indication that the system could be impacted by this issue is the following log message: "DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception LOCALNH:aggregate exceeded its allowed bandwidth at fpc <fpc number> for <n> times, started at <timestamp>" This issue affects Juniper Networks Junos OS on QFX5000 Series and EX4600 Series: 15.1 versions before 15.1R7-S9; 17.3 versions before 17.3R3-S11; 17.4 versions before 17.4R2-S13, 17.4R3-S5; 18.3 versions before 18.3R3-S5; 18.4 versions before 18.4R2-S8, 18.4R3-S7; 19.1 versions before 19.1R3-S5; 19.2 versions before 19.2R1-S6, 19.2R3-S2; 19.3 versions before 19.3R2-S6, 19.3R3-S2; 19.4 versions before 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions before 20.1R2-S2, 20.1R3; 20.2 versions before 20.2R2-S3, 20.2R3; 20.3 versions before 20.3R2; 20.4 versions before 20.4R1-S1, 20.4R2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos 15.1 |
||
juniper junos 17.3 |
||
juniper junos 17.4 |
||
juniper junos 18.3 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
||
juniper junos 20.3 |
||
juniper junos 20.4 |