"value":"\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service.\n\nIf a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS.\n\nThis issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R2;\n * 22.3 versions earlier than 22.3R2.\n\n\n\n\n\n\n"
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-754 Improper Check for Unusual or Exceptional Conditions",
"value":"<p>To be exposed to this issue a scaled SCU/DCU configuration with more than 10 classes needs to be present on the device:</p><code> [ policy-options policy-statement <policy name> term <term name> then source-class/destination-class <scu/dcu-class name1> ]</code><br/><code> ...</code><br/><code> [ policy-options policy-statement <policy name> term <term name> then source-class/destination-class <scu/dcu-class name11> ]</code><br/><code> [ interface <interface> unit <unit#> family <family> accounting source-class-usage/destination-class-usage input/output ]</code><br/>"
}
],
"value":"To be exposed to this issue a scaled SCU/DCU configuration with more than 10 classes needs to be present on the device:\n\n [ policy-options policy-statement <policy name> term <term name> then source-class/destination-class <scu/dcu-class name1> ]\n ...\n [ policy-options policy-statement <policy name> term <term name> then source-class/destination-class <scu/dcu-class name11> ]\n [ interface <interface> unit <unit#> family <family> accounting source-class-usage/destination-class-usage input/output ]\n"
}
],
"work_around":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"<p>There are no known workarounds for this issue.</p>"
}
],
"value":"There are no known workarounds for this issue.\n\n"
}
],
"exploit":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"solution":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S9, 21.2R3-S6, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R2, 22.3R2, 22.4R1, and all subsequent releases.</p>"
}
],
"value":"The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S9, 21.2R3-S6, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R2, 22.3R2, 22.4R1, and all subsequent releases.\n\n"
