CVE-2020-1646

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://kb.juniper.net/JSA11033	Vendor Advisory
https://kb.juniper.net/JSA11033	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:17.3:r3-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
	cpe:2.3:o:juniper:junos_os_evolved:19.2:r2::::::

History

21 Nov 2024, 05:11

Type	Values Removed	Values Added
References	~~() https://kb.juniper.net/JSA11033 - Vendor Advisory~~	() https://kb.juniper.net/JSA11033 - Vendor Advisory

Information

Published : 2020-07-17 19:15

Updated : 2024-11-21 05:11

NVD link : CVE-2020-1646

Mitre link : CVE-2020-1646

CVE.ORG link : CVE-2020-1646

JSON object : View

Products Affected

juniper

junos
junos_os_evolved

CWE

CWE-159

Improper Handling of Invalid Use of Special Elements

NVD-CWE-noinfo

{"id": "CVE-2020-1646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-17T19:15:13.047", "references": [{"url": "https://kb.juniper.net/JSA11033", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA11033", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-159"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."}, {"lang": "es", "value": "En los dispositivos Juniper Networks Junos OS y Junos OS Evolved, el procesamiento de un UPDATE espec\u00edfica para un peer EBGP puede conllevar a un bloqueo y reinicio del demonio del proceso de enrutamiento (RPD). Este problema se produce solo cuando el dispositivo est\u00e1 recibiendo y procesando la BGP UPDATE para un peer EBGP. Este problema no se produce cuando el dispositivo recibe y procesa el BGP UPDATE para un peer IBGP. Sin embargo, el BGP UPDATE ofensivo puede provenir originalmente desde un peer EBGP, se propaga por medio de la red por medio de los peer IBGP sin causar un bloqueo, luego causa un bloqueo de RPD cuando es procesado para un BGP UPDATE hacia un peer EBGP. La recepci\u00f3n y el procesamiento repetido de la misma BGP UPDATE espec\u00edfica pueden resultar en una condici\u00f3n extendida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7 y 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO y versiones posteriores, anteriores a 19.3R1-EVO. Otras versiones del Junos OS no est\u00e1n afectadas"}], "lastModified": "2024-11-21T05:11:04.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F431D3D-5D55-45A9-98E8-00CB1D4C0196"}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501"}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330D176F-8DAD-440C-A623-44FA233FAB01"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}