JuniperCVELIST:CVE-2020-1662CVE-2020-1662 Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.5%
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.
CNA Affected
[
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "17.2R3-S3"
},
{
"lessThan": "17.2R3-S3",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.3R3-S8",
"status": "unaffected"
}
],
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R3-S3",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.4R2-S10, 17.4R3-S2",
"status": "unaffected"
}
],
"lessThan": "17.4*",
"status": "affected",
"version": "17.4R2-S4, 17.4R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.1R3-S10",
"status": "unaffected"
}
],
"lessThan": "18.1*",
"status": "affected",
"version": "18.1R3-S6",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.2R3-S4",
"status": "unaffected"
}
],
"lessThan": "18.2*",
"status": "affected",
"version": "18.2R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.2X75-D53, 18.2X75-D65",
"status": "unaffected"
}
],
"lessThan": "18.2X75*",
"status": "affected",
"version": "18.2X75-D50, 18.2X75-D60",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.3R2-S4, 18.3R3-S2",
"status": "unaffected"
}
],
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.4R2-S5, 18.4R3-S2",
"status": "unaffected"
}
],
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.1R2-S2, 19.1R3-S1",
"status": "unaffected"
}
],
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.2R1-S5, 19.2R2",
"status": "unaffected"
}
],
"lessThan": "19.2*",
"status": "affected",
"version": "19.2R1",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S3, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "19.4-EVO"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
]References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.5%