CVE-2020-1600Uncontrolled Resource Consumption in Networks Junos OS

CWE-400Uncontrolled Resource ConsumptionCWE-835Infinite Loop6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.3X4812.3X48-D90+16
NVDjuniper/junos16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-q7p8-h39r-cm7r: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon2022-05-24
CVEList
Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon.2020-01-15

📋Vendor Advisories

1
Juniper
CVE-2020-1600: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon2020-01-15

💬Community

2
Bugzilla
CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c2019-07-02
Bugzilla
CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c2019-07-02
CVE-2020-1600 — Uncontrolled Resource Consumption | cvebase