Executive Summary

This vulnerability is an Incorrect Calculation issue in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved. It allows an unauthenticated network-adjacent attacker to flap the management interface, which causes the learning of new MAC addresses over label-switched interfaces (LSI) to stop. At the same time, it generates a flood of logs that results in high CPU usage on the affected device.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can impact you by causing the device to stop learning new MAC addresses over label-switched interfaces, which may disrupt network operations. Additionally, the flood of logs generated can lead to high CPU usage, potentially degrading device performance or causing denial of service conditions.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring the system logs for the specific log message generated when the issue occurs. The log message includes details such as 'op:1 flag:0x6 mac:xx:xx:xx:xx:xx:xx bd:2 ifl:13302 reason:0(REASON_NONE) i-op:6(INTRNL_OP_HW_FORCE_DELETE) status:10 lstatus:10 err:26(GETIFBD_VALIDATE_FAILED) err-reason 4(IFBD_VALIDATE_FAIL_EPOCH_MISMATCH)'. Checking for this log pattern can help identify the vulnerability being triggered. Specific commands are not provided in the available information.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps are not detailed in the provided information. However, since the vulnerability affects specific versions of Junos OS Evolved, upgrading to a fixed version (such as 21.4R3-S7-EVO or later versions listed) is implied as a mitigation. No explicit commands or configuration changes are provided.

Useful 0 Not Useful 0