CVE-2021-0257
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.
EPSS 0.08% · 23.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| juniper | junos | 17.3, 17.3, 17.3 |
| Juniper Networks | Junos OS | 17.3, 17.4, 18.2 |
Timeline
- Apr 22, 2021 CVE Published
- Apr 27, 2021 EPSS Score
- Jun 30, 2021 EPSS Score
- Aug 31, 2021 EPSS Score
- Nov 2, 2021 EPSS Score
- Jan 3, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Sep 10, 2022 EPSS Score
- Nov 11, 2022 EPSS Score
References
- https://kb.juniper.net/JSA11148 url
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11140 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11118 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11139 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11121 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11161 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11125 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11149 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11117 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11116 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11126 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11124 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11123 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11148 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11122 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11119 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11120 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-0257 advisory