U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2021-0280

Change History

CVE Modified by Juniper Networks, Inc. 7/15/2021 5:15:08 PM

Action Type Old Value New Value
Changed Description 
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue affects only the following platforms with Paradise (PE) chipset-based line cards:
PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series.
This issue affects:
Juniper Networks Junos OS
17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series;
18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series;
18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series;
18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series;
19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series;
19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series;
19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series;
19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series;
20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series;
20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series;
20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series;
20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series.
 
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series.