An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with service-provider/SP style switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesnt work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.
The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos | Juniper | * | 20.2 (excluding) |
| Junos | Juniper | 20.2 (including) | 20.2 (including) |
| Junos | Juniper | 20.2-r1 (including) | 20.2-r1 (including) |
| Junos | Juniper | 20.2-r1-s1 (including) | 20.2-r1-s1 (including) |
| Junos | Juniper | 20.2-r1-s2 (including) | 20.2-r1-s2 (including) |
| Junos | Juniper | 20.2-r1-s3 (including) | 20.2-r1-s3 (including) |
| Junos | Juniper | 20.2-r2 (including) | 20.2-r2 (including) |
| Junos | Juniper | 20.2-r2-s1 (including) | 20.2-r2-s1 (including) |
| Junos | Juniper | 20.2-r2-s2 (including) | 20.2-r2-s2 (including) |
| Junos | Juniper | 20.2-r2-s3 (including) | 20.2-r2-s3 (including) |
| Junos | Juniper | 20.2-r3 (including) | 20.2-r3 (including) |
| Junos | Juniper | 20.2-r3-s1 (including) | 20.2-r3-s1 (including) |
| Junos | Juniper | 20.2-r3-s2 (including) | 20.2-r3-s2 (including) |
| Junos | Juniper | 20.2-r3-s3 (including) | 20.2-r3-s3 (including) |
| Junos | Juniper | 20.2-r3-s4 (including) | 20.2-r3-s4 (including) |
| Junos | Juniper | 20.3 (including) | 20.3 (including) |
| Junos | Juniper | 20.3-r1 (including) | 20.3-r1 (including) |
| Junos | Juniper | 20.3-r1-s1 (including) | 20.3-r1-s1 (including) |
| Junos | Juniper | 20.3-r1-s2 (including) | 20.3-r1-s2 (including) |
| Junos | Juniper | 20.3-r2 (including) | 20.3-r2 (including) |
| Junos | Juniper | 20.3-r2-s1 (including) | 20.3-r2-s1 (including) |
| Junos | Juniper | 20.3-r3 (including) | 20.3-r3 (including) |
| Junos | Juniper | 20.3-r3-s1 (including) | 20.3-r3-s1 (including) |
| Junos | Juniper | 20.3-r3-s2 (including) | 20.3-r3-s2 (including) |
| Junos | Juniper | 20.3-r3-s3 (including) | 20.3-r3-s3 (including) |
| Junos | Juniper | 20.3-r3-s4 (including) | 20.3-r3-s4 (including) |
| Junos | Juniper | 20.4 (including) | 20.4 (including) |
| Junos | Juniper | 20.4-r1 (including) | 20.4-r1 (including) |
| Junos | Juniper | 20.4-r1-s1 (including) | 20.4-r1-s1 (including) |
| Junos | Juniper | 20.4-r2 (including) | 20.4-r2 (including) |
| Junos | Juniper | 20.4-r2-s1 (including) | 20.4-r2-s1 (including) |
| Junos | Juniper | 20.4-r2-s2 (including) | 20.4-r2-s2 (including) |
| Junos | Juniper | 20.4-r3 (including) | 20.4-r3 (including) |
| Junos | Juniper | 20.4-r3-s1 (including) | 20.4-r3-s1 (including) |
| Junos | Juniper | 20.4-r3-s2 (including) | 20.4-r3-s2 (including) |
| Junos | Juniper | 20.4-r3-s3 (including) | 20.4-r3-s3 (including) |
| Junos | Juniper | 21.1 (including) | 21.1 (including) |
| Junos | Juniper | 21.1-r1 (including) | 21.1-r1 (including) |
| Junos | Juniper | 21.1-r1-s1 (including) | 21.1-r1-s1 (including) |
| Junos | Juniper | 21.1-r2 (including) | 21.1-r2 (including) |
| Junos | Juniper | 21.1-r2-s1 (including) | 21.1-r2-s1 (including) |
| Junos | Juniper | 21.1-r2-s2 (including) | 21.1-r2-s2 (including) |
| Junos | Juniper | 21.1-r3 (including) | 21.1-r3 (including) |
| Junos | Juniper | 21.1-r3-s1 (including) | 21.1-r3-s1 (including) |
| Junos | Juniper | 21.1-r3-s2 (including) | 21.1-r3-s2 (including) |
| Junos | Juniper | 21.2 (including) | 21.2 (including) |
| Junos | Juniper | 21.2-r1 (including) | 21.2-r1 (including) |
| Junos | Juniper | 21.2-r1-s1 (including) | 21.2-r1-s1 (including) |
| Junos | Juniper | 21.2-r1-s2 (including) | 21.2-r1-s2 (including) |
| Junos | Juniper | 21.2-r2 (including) | 21.2-r2 (including) |
| Junos | Juniper | 21.2-r2-s1 (including) | 21.2-r2-s1 (including) |
| Junos | Juniper | 21.2-r2-s2 (including) | 21.2-r2-s2 (including) |
| Junos | Juniper | 21.2-r3 (including) | 21.2-r3 (including) |
| Junos | Juniper | 21.3 (including) | 21.3 (including) |
| Junos | Juniper | 21.3-r1 (including) | 21.3-r1 (including) |
| Junos | Juniper | 21.3-r1-s1 (including) | 21.3-r1-s1 (including) |
| Junos | Juniper | 21.3-r1-s2 (including) | 21.3-r1-s2 (including) |
| Junos | Juniper | 21.3-r2 (including) | 21.3-r2 (including) |
| Junos | Juniper | 21.3-r2-s1 (including) | 21.3-r2-s1 (including) |
| Junos | Juniper | 21.3-r2-s2 (including) | 21.3-r2-s2 (including) |
| Junos | Juniper | 21.4 (including) | 21.4 (including) |
| Junos | Juniper | 21.4-r1 (including) | 21.4-r1 (including) |
| Junos | Juniper | 21.4-r1-s1 (including) | 21.4-r1-s1 (including) |
| Junos | Juniper | 21.4-r1-s2 (including) | 21.4-r1-s2 (including) |
| Junos | Juniper | 21.4-r2 (including) | 21.4-r2 (including) |
| Junos | Juniper | 22.1-r1 (including) | 22.1-r1 (including) |
| Junos | Juniper | 22.1-r1-s1 (including) | 22.1-r1-s1 (including) |
In highly distributed environments, or on systems with distinct physical components that operate independently, there is often a need for each component to store and update its own local copy of key data such as state or cache, so that all components have the same “view” of the overall system and operate in a coordinated fashion. For example, users of a social media service or a massively multiplayer online game might be using their own personal computers while also interacting with different physical hosts in a globally distributed service, but all participants must be able to have the same “view” of the world. Alternately, a processor’s Memory Management Unit (MMU) might have “shadow” MMUs to distribute its workload, and all shadow MMUs are expected to have the same accessible ranges of memory. In such environments, it becomes critical for the product to ensure that this “shared state” is consistently modified across all distributed systems. If state is not consistently maintained across all systems, then critical transactions might take place out of order, or some users might not get the same data as other users. When this inconsistency affects correctness of operations, it can introduce vulnerabilities in mechanisms that depend on consistent state.