CVE-2020-1644: Improper Check or Handling of Exceptional Conditions in Networks Junos OS

Severity
7.5 HIGH (NVD)
EPSS
0.4%
top 39.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 20.1-EVO | 20.1R2-EVO | +3
CVEListV5 | juniper_networks/junos_os | 17.2X75 | 17.2X75-D105.19 | +11
NVD | juniper/junos_os_evolved | 5 versions | +4
NVD | juniper/junos | 12 versions | +11

Vulnerability Details (2)

GHSA | 2022-05-24
GHSA-53h4-f555-qg3c: On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented in
CVEList | 2020-07-17
Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets

Vendor Advisories (1)

Juniper | 2020-07-17
CVE-2020-1644: On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented in