CVE-2020-1617 — Improper Initialization in Networks Junos OS

CWE-665 — Improper Initialization4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 8

Latest updateMay 24

Description

This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device i…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os17.4 — 17.4R2-S9, 17.4R3+4

▶NVDjuniper/junos6 versions+5

🔴Vulnerability Details

GHSA

GHSA-m8wv-5v63-5fqp: This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT)↗2022-05-24

▶

CVEList

Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot.↗2020-04-08

▶

📋Vendor Advisories

Juniper

CVE-2020-1617: This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). D↗2020-04-08

▶