CVE-2020-1685 — Observable Discrepancy in Networks Junos OS
Severity
5.8 MEDIUM (NVD)
EPSS
0.2%
top 56.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 24
Description
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to:

    family ethernet-switching {
        filter L2-VLAN {
            term ALLOW {
                from {
                    user-vlan-id 100;
                }
                then {
                    accept;
                }
            }
            term NON-MATCH {
                then {
                    discard;
                }
            }
        }
    }

when there is only one term containing a 'user-vlan-id' match condition, and no other ter…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-8m64-wrm2-jj3m: When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the (2022-05-24)
CVEList
Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action (2020-10-16)
Vendor Advisories (1)
Juniper
CVE-2020-1685: When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the (2020-10-16)