ID

VAR-202007-1427


CVE

CVE-2020-1646


TITLE

Input validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-008315

DESCRIPTION

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. It does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagate through the network via IBGP peers without causing a crash, and then cause an RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2020-1646 // JVNDB: JVNDB-2020-008315 // VULHUB: VHN-169540

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

vendor: juniper, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008315 // NVD: CVE-2020-1646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1646
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1646
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008315
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-413
value: HIGH

Trust: 0.6

VULHUB: VHN-169540
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1646
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008315
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169540
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1646
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008315
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169540 // JVNDB: JVNDB-2020-008315 // CNNVD: CNNVD-202007-413 // NVD: CVE-2020-1646 // NVD: CVE-2020-1646

PROBLEMTYPE DATA

problemtype:CWE-159

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-169540 // JVNDB: JVNDB-2020-008315 // NVD: CVE-2020-1646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-413

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008315

PATCH

title: JSA11033, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11033&actp=METADATA

Trust: 0.8

sources: JVNDB: JVNDB-2020-008315

EXTERNAL IDS

db: NVD, id: CVE-2020-1646

Trust: 2.5

db: JUNIPER, id: JSA11033

Trust: 1.7

db: JVNDB, id: JVNDB-2020-008315

Trust: 0.8

db: CNNVD, id: CNNVD-202007-413

Trust: 0.7

db: AUSCERT, id: ESB-2020.2348

Trust: 0.6

db: CNVD, id: CNVD-2020-49037

Trust: 0.1

db: VULHUB, id: VHN-169540

Trust: 0.1

sources: VULHUB: VHN-169540 // JVNDB: JVNDB-2020-008315 // CNNVD: CNNVD-202007-413 // NVD: CVE-2020-1646

REFERENCES

url:https://kb.juniper.net/jsa11033

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1646

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1646

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2348/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-bgp-update-32773

Trust: 0.6

sources: VULHUB: VHN-169540 // JVNDB: JVNDB-2020-008315 // CNNVD: CNNVD-202007-413 // NVD: CVE-2020-1646

SOURCES

db: VULHUB, id: VHN-169540
db: JVNDB, id: JVNDB-2020-008315
db: CNNVD, id: CNNVD-202007-413
db: NVD, id: CVE-2020-1646

LAST UPDATE DATE

2024-08-14T14:18:53.172000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169540, date: 2022-01-01T00:00:00
db: JVNDB, id: JVNDB-2020-008315, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-413, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1646, date: 2022-01-01T17:34:52.827

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169540, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008315, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-413, date: 2020-07-09T00:00:00
db: NVD, id: CVE-2020-1646, date: 2020-07-17T19:15:13.047