juniper junos 控制流实现总是不正确

admin

0
文章

0
评论

2023-12-01 15:03:16 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

juniper junos 控制流实现总是不正确

CVE编号

CVE-2021-0273

利用情况

暂无

补丁情况

N/A

披露时间

2021-04-23

漏洞描述

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://kb.juniper.net/JSA11164

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	juniper	junos	15.1	-
	运行在以下环境
	系统	juniper	junos	15.2	-
	运行在以下环境
	系统	juniper	junos	16.1	-
	运行在以下环境
	系统	juniper	junos	17.1	-
	运行在以下环境
	系统	juniper	junos	17.2	-
	运行在以下环境
	系统	juniper	junos	17.3	-
	运行在以下环境
	系统	juniper	junos	17.4	-
	运行在以下环境
	系统	juniper	junos	18.1	-
	运行在以下环境
	系统	juniper	junos	18.2	-
	运行在以下环境
	系统	juniper	junos	18.3	-
	运行在以下环境
	系统	juniper	junos	18.4	-
	运行在以下环境
	系统	juniper	junos	19.1	-
	运行在以下环境
	系统	juniper	junos	19.3	-
	运行在以下环境
	系统	juniper	junos	19.4	-
	运行在以下环境
	系统	juniper	junos_os_evolved	19.4	-
	运行在以下环境
	硬件	juniper	acx5800	-	-
	运行在以下环境
	硬件	juniper	ex9200	-	-
	运行在以下环境
	硬件	juniper	mx10008	-	-
	运行在以下环境
	硬件	juniper	mx10016	-	-
	运行在以下环境
	硬件	juniper	mx240	-	-
	运行在以下环境
	硬件	juniper	mx480	-	-
	运行在以下环境
	硬件	juniper	mx960	-	-