CVE-2021-0202

7.5 HIGH

📋 TL;DR

This vulnerability causes a memory leak in Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC when specific IRB and VPLS/bridge-domain configurations are present. The memory leak can lead to out-of-memory conditions and MPC restarts, causing temporary traffic interruptions. It affects specific Junos OS versions on these platforms.

💻 Affected Systems

Products:
  • Juniper Networks MX Series
  • Juniper Networks EX9200 Series
Versions: 17.3R3-S8; 17.4R3-S2; 18.2R3-S4, 18.2R3-S5; 18.3R3-S2, 18.3R3-S3; 18.4R3-S1 to 18.4R3-S6; 19.2R2 to 19.2R3-S1; 19.4R2 to 19.4R2-S3, 19.4R3; 20.2R1 to 20.2R1-S3, 20.2R2
Operating Systems: Junos OS
Default Config Vulnerable: ✅ No
Notes: Requires Trio-based MPC with IRB interface configured and mapped to VPLS instance or bridge-domain. Specific network events at CE devices trigger the memory leak.

📦 What is this software?

Junos by Juniper

Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Repeated MPC restarts causing sustained network outages and service disruption until the underlying issue is resolved.

🟠

Likely Case

Intermittent traffic interruptions due to MPC restarts triggered by memory exhaustion from the leak.

🟢

If Mitigated

Temporary traffic blips during MPC restarts, with monitoring allowing for quick detection and remediation.

🌐 Internet-Facing: MEDIUM - Affects edge routing platforms that could be internet-facing, but requires specific configuration and network events.
🏢 Internal Only: MEDIUM - Similar impact internally, but exploitation depends on network events at CE devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific network conditions and configurations, making it less likely to be weaponized but still impactful when triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after those listed in affected versions; refer to Juniper advisory for specific fixed releases.

Vendor Advisory: https://kb.juniper.net/JSA11092

Restart Required: Yes

Instructions:

1. Check current Junos OS version.
2. Refer to Juniper advisory JSA11092 for fixed releases.
3. Upgrade to a fixed version.
4. Reboot affected devices after upgrade.

🔧 Temporary Workarounds

Monitor memory usage

all

Regularly check MPC memory usage to detect early signs of the leak and manually restart if needed.

show system resource-monitor fpc

🧯 If You Can't Patch

  • Avoid or reconfigure IRB interfaces mapped to VPLS instances or bridge-domains on affected platforms.
  • Implement network monitoring to detect MPC restarts and memory exhaustion events.

🔍 How to Verify

Check if Vulnerable:

Check Junos OS version and configuration for IRB interfaces mapped to VPLS/bridge-domain on Trio-based MPC.

Check Version:

show version

Verify Fix Applied:

Verify Junos OS version is updated to a fixed release and monitor for memory leak symptoms.
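
To triage an inventory of version strings collected with show version, the check below compares each one against the affected list from the "Versions" line of this page. It is an added example, not code from Juniper or the original page; the function names are illustrative, and a match covers only the version precondition, since the IRB and VPLS/bridge-domain configuration on a Trio-based MPC must also be present.

```python
import re

# Affected releases copied from the "Versions" line of this page, as inclusive
# (low, high) ranges within one release train; single releases repeat the value.
AFFECTED = [
    ("17.3R3-S8", "17.3R3-S8"),
    ("17.4R3-S2", "17.4R3-S2"),
    ("18.2R3-S4", "18.2R3-S5"),
    ("18.3R3-S2", "18.3R3-S3"),
    ("18.4R3-S1", "18.4R3-S6"),
    ("19.2R2", "19.2R3-S1"),
    ("19.4R2", "19.4R2-S3"),
    ("19.4R3", "19.4R3"),
    ("20.2R1", "20.2R1-S3"),
    ("20.2R2", "20.2R2"),
]

# <major>.<minor>R<release>[-S<service>][.<spin>]; anything else is rejected
# so that an unrecognised format is reviewed by hand instead of passing.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version):
    """Return (major, minor, release, service) for strings like '18.4R3-S4'."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, release, service = m.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def is_affected(version):
    """True if the version falls inside one of the ranges listed on this page."""
    v = parse_junos(version)
    return any(parse_junos(lo) <= v <= parse_junos(hi) for lo, hi in AFFECTED)
```

A False result means only that the release is not in this page's list; confirm the fixed release against JSA11092 before treating a device as remediated.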

📡 Detection & Monitoring

Log Indicators:

  • MPC restart logs
  • Memory exhaustion warnings
  • Steadily decreasing '% NH mem Free' value in resource monitor output

Network Indicators:

  • Intermittent traffic drops
  • Increased latency during MPC restarts

SIEM Query:

Search for logs containing 'MPC restart', 'memory leak', or '% NH mem Free' below 20% on Juniper devices.
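
The memory-monitoring workaround and the '% NH mem Free' indicator above can be turned into a trend check that flags a leaking MPC before it restarts. The following is an added example, not part of the original page or any Juniper tooling; it assumes you already collect periodic '% NH mem Free' readings per FPC slot (for instance from show system resource-monitor fpc), and the function names, the 72-hour horizon and the sample data are assumptions.

```python
WATERMARK = 20.0  # percent free; the threshold used in this page's SIEM query


def leak_forecast(samples, watermark=WATERMARK):
    """samples: [(unix_seconds, pct_nh_mem_free), ...], oldest first.
    Returns (status, hours_until_watermark_or_None)."""
    if len(samples) < 3:
        return ("insufficient-data", None)
    _, free_last = samples[-1]
    if free_last < watermark:
        return ("below-watermark", 0.0)
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_f = sum(f for _, f in samples) / n
    var_t = sum((t - mean_t) ** 2 for t, _ in samples)
    if var_t == 0:
        return ("insufficient-data", None)
    # Least-squares slope in percent per second; negative means memory is draining.
    slope = sum((t - mean_t) * (f - mean_f) for t, f in samples) / var_t
    if slope >= 0:
        return ("stable", None)
    return ("declining", (free_last - watermark) / -slope / 3600.0)


def slots_at_risk(by_slot, horizon_hours=72.0):
    """Return {slot: (status, hours)} for slots already below the watermark
    or projected to reach it within horizon_hours."""
    flagged = {}
    for slot, samples in by_slot.items():
        status, hours = leak_forecast(samples)
        if status == "below-watermark" or (
            status == "declining" and hours <= horizon_hours
        ):
            flagged[slot] = (status, hours)
    return flagged


# Constructed sample data: hourly readings for two FPC slots.
SAMPLE = {
    0: [(i * 3600, 80.0 - 2 * i) for i in range(5)],             # losing 2% per hour
    1: [(0, 83.0), (3600, 83.0), (7200, 84.0), (10800, 83.0)],   # healthy
}

if __name__ == "__main__":
    print(slots_at_risk(SAMPLE))
```

Pick the horizon to match how quickly a maintenance window for a controlled MPC restart or upgrade can be scheduled.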
