CVE-2020-1633Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.4
EPSS
0.1%
top 71.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 9
Latest updateMay 24

Description

Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability. This issue o

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.417.4R2-S9, 17.4R3+7
NVDjuniper/junos8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-2rxm-39cm-27mj: Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 172022-05-24
CVEList
Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service2020-04-09

📋Vendor Advisories

1
Juniper
CVE-2020-1633: Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Bro2020-04-09
CVE-2020-1633 — Improper Input Validation | cvebase