CVE-2020-1657Incorrect Behavior Order: Early Amplification in Networks Junos OS

CWE-408Incorrect Behavior Order: Early Amplification5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 16
Latest updateMay 24

Description

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 version

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.3X4812.3X48-D90+7
NVDjuniper/junos8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-x66f-9p5x-42r4: On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targ2022-05-24
CVEList
Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service.2020-10-16

📋Vendor Advisories

1
Juniper
CVE-2020-1657: On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targ2020-10-16

💬Community

1
Bugzilla
CVE-2020-10705 undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header2020-02-14
CVE-2020-1657 — Juniper Networks Junos OS vulnerability | cvebase