CVE-2021-0203

Summary

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS15.1 < 15.1R7-S7affected
Juniper NetworksJunos OS16.1 < 16.1R7-S8affected
Juniper NetworksJunos OS17.2 < 17.2R3-S4affected
Juniper NetworksJunos OS17.3 < 17.3R3-S8affected
Juniper NetworksJunos OS17.4 < 17.4R2-S11, 17.4R3-S2affected
Juniper NetworksJunos OS18.1 < 18.1R3-S10affected
Juniper NetworksJunos OS18.2 < 18.2R3-S5affected
Juniper NetworksJunos OS18.3 < 18.3R2-S4, 18.3R3-S2affected
Juniper NetworksJunos OS18.4 < 18.4R2-S5, 18.4R3-S3affected
Juniper NetworksJunos OS19.1 < 19.1R2-S2, 19.1R3-S2affected
Juniper NetworksJunos OS19.2 < 19.2R1-S5, 19.2R2-S1, 19.2R3affected
Juniper NetworksJunos OS19.3 < 19.3R2-S4, 19.3R3affected
Juniper NetworksJunos OS19.4 < 19.4R1-S3, 19.4R2-S1, 19.4R3affected
Juniper NetworksJunos OS20.1 < 20.1R1-S2, 20.1R2affected

Weaknesses

  • CWE-794: CWE-794: Incomplete Filtering of Multiple Instances of Special Elements

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References