CVE-2020-1639Improper Check or Handling of Exceptional Conditions in Networks Junos OS

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 8
Latest updateMay 24

Description

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This i

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.312.3R12-S15+6
NVDjuniper/junos7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-rvxm-fxrp-q47c: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope2022-05-24
CVEList
Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.2020-04-08

📋Vendor Advisories

1
Juniper
CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may imprope2020-04-08
CVE-2020-1639 — Juniper Networks Junos OS vulnerability | cvebase