CVE-2020-1681Improper Handling of Exceptional Conditions in Networks Junos OS Evolved

CWE-755Improper Handling of Exceptional ConditionsCWE-617Reachable Assertion4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 16
Latest updateMay 24

Description

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolvedall20.1R2-EVO
NVDjuniper/junos_os_evolved4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-w8cp-6x5g-mf2j: Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause2022-05-24
CVEList
Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service2020-10-16

📋Vendor Advisories

1
Juniper
CVE-2020-1681: Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause2020-10-16
CVE-2020-1681 — Networks Junos OS Evolved vulnerability | cvebase