CVE-2020-1641 — Race Condition in Networks Junos OS

CWE-362 — Race Condition5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 80.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 17

Latest updateMay 24

Description

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show lo…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os12.3 — 12.3R12-S15+15

▶NVDjuniper/junos16 versions+15

🔴Vulnerability Details

GHSA

GHSA-34rw-6hrg-mxr5: A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Servi↗2022-05-24

▶

CVEList

Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash.↗2020-07-17

▶

📋Vendor Advisories

Juniper

CVE-2020-1641: A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Servi↗2020-07-17

▶

💬Community

Bugzilla

CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack↗2020-01-31

▶