CVE-2020-1601 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.4%

top 38.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJan 15

Latest updateMay 24

Description

Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Servi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os15.1 — 15.1F6-S13, 15.1R7-S4+13

▶NVDjuniper/junos14 versions+13

🔴Vulnerability Details

GHSA

GHSA-p8w7-f589-855p: Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving↗2022-05-24

▶

CVEList

Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash.↗2020-01-15

▶

📋Vendor Advisories

Juniper

CVE-2020-1601: Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving↗2020-01-15

▶