CVE-2020-1683: Missing Release of Memory after Effective Lifetime in Juniper Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 41.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16; Latest update May 24

Description

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash, other processes might be impacted; for example, the device may fail to establish an SSH connection. The administrator can monitor the output of the following command to check whether there is a memory leak caused by this issue:

user@device> show system virtual-memory | match "pfe_ipc|kmem"
pfe_ipc 147 5K - 164352 16,32,64,8192 <-- increasing
vm.kmem_m

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 18.1R3-S5, 18.1* (+9)
NVD: juniper/junos 10 versions (+9)

🔴 Vulnerability Details (2)

GHSA: GHSA-h8g9-274c-2qqg: On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore) (2022-05-24)
CVEList: Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (2020-10-16)

💥 Exploits & PoCs (1)

Nuclei: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting

📋 Vendor Advisories (1)

Juniper: CVE-2020-1683: On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the ker (2020-10-16)