CVE-2020-1608Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.2R2-S6, 17.2R317.2*+9
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-8wj2-ww8w-44pr: Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger2022-05-24
CVEList
Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service2020-01-15

📋Vendor Advisories

2
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-12-08
Juniper
CVE-2020-1608: Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger2020-01-15
CVE-2020-1608 — Improper Input Validation | cvebase