CVE-2020-1662 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos

Timeline

PublishedOct 16

Latest updateMay 24

Description

On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit thre…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os_evolved20.1-EVO — 20.1R2-EVO+1

▶CVEListV5juniper_networks/junos_os17.3R3-S3 — 17.3*+12

▶NVDjuniper/junos13 versions+12

🔴Vulnerability Details

GHSA

GHSA-8vq7-pm9r-4fgw: On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting↗2022-05-24

▶

CVEList

Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping.↗2020-10-16

▶

📋Vendor Advisories

Juniper

CVE-2020-1662: On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting↗2020-10-16

▶