Lucene search

JuniperCVE-2020-1651

HistoryJul 17, 2020 - 7:15 p.m.

CVE-2020-1651

2020-07-1719:15:13

CWE-401

CWE-19

juniper

web.nvd.nist.gov

cve-2020-1651

juniper networks

mx series

pfe

denial of service

dos

junos os

security vulnerability

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1.

Affected configurations

Nvd

Node

juniperjunosMatch17.2-

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r1-s8

juniperjunosMatch17.2r2

juniperjunosMatch17.2r2-s11

juniperjunosMatch17.2r2-s6

juniperjunosMatch17.2r2-s7

juniperjunosMatch17.2r3-s1

juniperjunosMatch17.2r3-s2

juniperjunosMatch17.2r3-s3

juniperjunosMatch17.2x75-

juniperjunosMatch17.2x75d102

juniperjunosMatch17.2x75d50

juniperjunosMatch17.2x75d70

juniperjunosMatch17.2x75d92

juniperjunosMatch17.3-

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r3-

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch18.1-

juniperjunosMatch18.1r1

AND

junipermx10Match-

junipermx10000Match-

junipermx10003Match-

junipermx104Match-

junipermx150Match-

junipermx2008Match-

junipermx2010Match-

junipermx2020Match-

junipermx204Match-

junipermx240Match-

junipermx40Match-

junipermx480Match-

junipermx5Match-

junipermx80Match-

junipermx960Match-

VendorProductVersionCPE
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*
juniperjunos17.2cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:-::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s1::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s2::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s3::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s4::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s5::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s7::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r1-s8::::::
juniper	junos	17.2	cpe:2.3:o:juniper:junos:17.2:r2::::::

Rows per page:

1-10 of 541

CNA Affected

[
  {
    "platforms": [
      "MX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R3-S4",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2X75-D105.19",
        "status": "affected",
        "version": "17.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S7",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R1-S3, 17.4R2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R2",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11038

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

Related for CVE-2020-1651