CVE-2020-1640: Improper Use of Validation Framework in Juniper Networks Junos OS

Severity
7.5 HIGH (NVD)
EPSS
0.4%
top 36.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5: juniper_networks/junos_os, 16.1R7-S6, 16.1*, +12
NVD: juniper/junos, 13 versions, +12

🔴 Vulnerability Details (2)

GHSA
GHSA-crvx-qrfr-h2c3: An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon (2022-05-24)
CVEList
Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (2020-07-17)

📋 Vendor Advisories (1)

Juniper
CVE-2020-1640: An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon (2020-07-17)