Design/Logic Flaw

2021-01-1518:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

When the “Intrusion Detection Service” (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination. This issue affects MX Series devices using MS-MPC, MS-MIC or MS-SPC3 service cards with IDS service configured. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S10 on MX Series; 17.4 versions prior to 17.4R3-S3 on MX Series; 18.1 versions prior to 18.1R3-S11 on MX Series; 18.2 versions prior to 18.2R3-S6 on MX Series; 18.3 versions prior to 18.3R3-S4 on MX Series; 18.4 versions prior to 18.4R3-S6 on MX Series; 19.1 versions prior to 19.1R2-S2, 19.1R3-S3 on MX Series; 19.2 versions prior to 19.2R3-S1 on MX Series; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1 on MX Series; 19.4 versions prior to 19.4R3 on MX Series; 20.1 versions prior to 20.1R2 on MX Series; 20.2 versions prior to 20.2R2 on MX Series;

CPENameOperatorVersion
junoseq17.3
junoseq17.3 r2
junoseq17.3
junoseq17.3
junoseq17.3
junoseq17.3
junoseq17.3 r3
junoseq17.3
junoseq17.3
junoseq17.3

Name	Operator	Version
junos	eq	17.3
junos	eq	17.3 r2
junos	eq	17.3
junos	eq	17.3
junos	eq	17.3
junos	eq	17.3
junos	eq	17.3 r3
junos	eq	17.3
junos	eq	17.3
junos	eq	17.3

Rows per page:

1-10 of 1441

References

kb.juniper.net/JSA11095