CVE-2020-1632 — Improper Handling of Exceptional Conditions in Networks Junos OS

CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.6%

top 31.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and R…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 19.2R2-EVO

▶CVEListV5juniper_networks/junos_os16.1 — 16.1R7-S6+13

▶NVDjuniper/junos_os_evolved19.2

▶NVDjuniper/junos13 versions+12

🔴Vulnerability Details

GHSA

GHSA-fc92-44ch-wwhv: In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an in↗2022-05-24

▶

CVEList

Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate.↗2020-04-15

▶

📋Vendor Advisories

Juniper

CVE-2020-1632: In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an in↗2020-04-15

▶