CVE-2020-1670

16.10.2020, 21:15

On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Vendor	Product	Version
juniper	junos	17.3
juniper	junos	17.3:r1-s1
juniper	junos	17.3:r2
juniper	junos	17.3:r2-s1
juniper	junos	17.3:r2-s2
juniper	junos	17.3:r2-s3
juniper	junos	17.3:r2-s4
juniper	junos	17.3:r2-s5
juniper	junos	17.3:r3
juniper	junos	17.3:r3-s1
juniper	junos	17.3:r3-s2
juniper	junos	17.3:r3-s3
juniper	junos	17.3:r3-s4
juniper	junos	17.3:r3-s7
juniper	junos	17.3:r3-s8
juniper	junos	17.4
juniper	junos	17.4:r1
juniper	junos	17.4:r1-s1
juniper	junos	17.4:r1-s2
juniper	junos	17.4:r1-s4
juniper	junos	17.4:r1-s5
juniper	junos	17.4:r1-s6
juniper	junos	17.4:r1-s7
juniper	junos	17.4:r2
juniper	junos	17.4:r2-s1
juniper	junos	17.4:r2-s10
juniper	junos	17.4:r2-s2
juniper	junos	17.4:r2-s3
juniper	junos	17.4:r2-s4
juniper	junos	17.4:r2-s5
juniper	junos	17.4:r2-s6
juniper	junos	17.4:r2-s7
juniper	junos	17.4:r2-s8
juniper	junos	17.4:r2-s9
juniper	junos	18.1
juniper	junos	18.1:r1
juniper	junos	18.1:r2
juniper	junos	18.1:r2-s1
juniper	junos	18.1:r2-s2
juniper	junos	18.1:r2-s4
juniper	junos	18.1:r3
juniper	junos	18.1:r3-s1
juniper	junos	18.1:r3-s2
juniper	junos	18.1:r3-s3
juniper	junos	18.1:r3-s4
juniper	junos	18.1:r3-s6
juniper	junos	18.1:r3-s7
juniper	junos	18.1:r3-s8
juniper	junos	18.1:r3-s9
juniper	junos	18.2
juniper	junos	18.2:r1
juniper	junos	18.2:r1
juniper	junos	18.2:r1-s3
juniper	junos	18.2:r1-s4
juniper	junos	18.2:r1-s5
juniper	junos	18.2:r2
juniper	junos	18.2:r2-s1
juniper	junos	18.2:r2-s2
juniper	junos	18.2:r2-s3
juniper	junos	18.2:r2-s4
juniper	junos	18.2:r2-s5
juniper	junos	18.2:r2-s6
juniper	junos	18.2:r3
juniper	junos	18.2:r3-s1
juniper	junos	18.2:r3-s2
juniper	junos	18.2:r3-s3
juniper	junos	18.3
juniper	junos	18.3:r1
juniper	junos	18.3:r1-s1
juniper	junos	18.3:r1-s2
juniper	junos	18.3:r1-s3
juniper	junos	18.3:r1-s5
juniper	junos	18.3:r1-s6
juniper	junos	18.3:r2
juniper	junos	18.3:r2-s1
juniper	junos	18.3:r2-s2
juniper	junos	18.3:r2-s3
juniper	junos	18.3:r3
juniper	junos	18.3:r3-s1
juniper	junos	18.4
juniper	junos	18.4:r1
juniper	junos	18.4:r1-s1
juniper	junos	18.4:r1-s2
juniper	junos	18.4:r1-s5
juniper	junos	18.4:r1-s6
juniper	junos	18.4:r2
juniper	junos	18.4:r2-s1
juniper	junos	18.4:r2-s2
juniper	junos	18.4:r2-s3
juniper	junos	18.4:r3
juniper	junos	18.4:r3-s1
juniper	junos	19.1
juniper	junos	19.1:r1
juniper	junos	19.1:r1-s1
juniper	junos	19.1:r1-s2
juniper	junos	19.1:r1-s3
juniper	junos	19.1:r1-s4
juniper	junos	19.1:r2
juniper	junos	19.1:r2-s1
juniper	junos	19.1:r3
juniper	junos	19.2
juniper	junos	19.2:r1
juniper	junos	19.2:r1-s1
juniper	junos	19.2:r1-s2
juniper	junos	19.2:r1-s3
juniper	junos	19.2:r1-s4
juniper	junos	19.2:r2
juniper	junos	19.3
juniper	junos	19.3:r1
juniper	junos	19.3:r1-s1
juniper	junos	19.3:r2
juniper	junos	19.3:r2-s1
juniper	junos	19.3:r2-s2
juniper	junos	19.3:r2-s3
juniper	junos	19.4:r1
juniper	junos	19.4:r1-s1
juniper	junos	19.4:r1-s2
juniper	junos	20.1:r1
juniper	junos	20.1:r1-s1
juniper	junos	20.1:r1-s2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://kb.juniper.net/

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11067&actp=SUBSCRIPTION

https://kb.juniper.net/