| Summary | On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. |
|---|---|
| Publication Date | Oct. 17, 2020, 6:15 a.m. |
| Registration Date | Jan. 26, 2021, 11:54 a.m. |
| Last Update | Nov. 21, 2024, 2:11 p.m. |
| CVSS3.1 : HIGH | |
| スコア | 7.5 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 不要 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 高 |
| CVSS2.0 : MEDIUM | |
| Score | 4.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 中 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 低 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:17.2:r3-s3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2x75:d51:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2x75:d60:*:*:*:*:*:* | |||||
| cpe:2.3:o:juniper:junos:18.2x75:d50:*:*:*:*:*:* | |||||
| Title | Juniper Networks Junos OS および Junos OS Evolved デバイスにおける脆弱性 |
|---|---|
| Summary | Juniper Networks Junos OS および Junos OS Evolved デバイスには、不特定の脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Oct. 14, 2020, midnight |
| Registration Date | April 27, 2021, 2:33 p.m. |
| Last Update | April 27, 2021, 2:33 p.m. |
| ジュニパーネットワークス |
| Junos OS |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2021年04月27日] 掲載 |
April 27, 2021, 2:33 p.m. |