A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent malicious user to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions before 15.1R7-S12; 18.4 versions before 18.4R2-S10, 18.4R3-S11; 19.1 versions before 19.1R3-S8; 19.2 versions before 19.2R1-S9, 19.2R3-S4; 19.3 versions before 19.3R3-S5; 19.4 versions before 19.4R2-S6, 19.4R3-S7; 20.1 versions before 20.1R3-S3; 20.2 versions before 20.2R3-S3; 20.3 versions before 20.3R3-S2; 20.4 versions before 20.4R3-S1; 21.1 versions before 21.1R3; 21.2 versions before 21.2R2-S1, 21.2R3; 21.3 versions before 21.3R1-S2, 21.3R2.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos |
||
juniper junos 15.1 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
||
juniper junos 20.3 |
||
juniper junos 20.4 |
||
juniper junos 21.1 |
||
juniper junos 21.2 |
||
juniper junos 21.3 |
Vulmon