CVE-2020-1639
published 2020-04-08CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |
| juniper_networks | junos_os | >= 12.3 < 12.3R12-S15 | 12.3R12-S15 |
| juniper_networks | junos_os | >= 12.3X48 < 12.3X48-D95 | 12.3X48-D95 |
| juniper_networks | junos_os | >= 14.1X50 < 14.1X50-D145 | 14.1X50-D145 |
| juniper_networks | junos_os | >= 14.1X53 < 14.1X53-D47 | 14.1X53-D47 |
| juniper_networks | junos_os | >= 15.1 < 15.1R2 | 15.1R2 |
| juniper_networks | junos_os | >= 15.1X49 < 15.1X49-D170 | 15.1X49-D170 |
| juniper_networks | junos_os | >= 15.1X53 < 15.1X53-D67 | 15.1X53-D67 |
GHSA
GHSA-rvxm-fxrp-q47c: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope
ghsa_unreviewed·2022-05-24
CVE-2020-1639 [MEDIUM] CWE-755 GHSA-rvxm-fxrp-q47c: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope
When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53
Juniper
CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope
vendor_juniper·2020-04-08·CVSS 7.5
CVE-2020-1639 [HIGH] CWE-703 CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope
CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-08
Published