Lucene search

[email protected]CVE-2020-1655

HistoryJul 17, 2020 - 7:15 p.m.

CVE-2020-1655

2020-07-1719:15:14

[email protected]

web.nvd.nist.gov

juniper networks

junos os

mpc

ip reassembly

dos

vulnerability

cve-2020-1655

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.4%

JSON

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.

Affected configurations

NVD

Node

juniperjunosMatch17.2-

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r1-s8

juniperjunosMatch17.2r2

juniperjunosMatch17.2r2-s11

juniperjunosMatch17.2r2-s6

juniperjunosMatch17.2r2-s7

juniperjunosMatch17.2r3-s1

juniperjunosMatch17.2r3-s2

juniperjunosMatch17.2r3-s3

juniperjunosMatch17.3-

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r3-

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.3r3-s7

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s4

juniperjunosMatch17.4r1-s5

juniperjunosMatch17.4r1-s6

juniperjunosMatch17.4r1-s7

juniperjunosMatch17.4r2

juniperjunosMatch17.4r2-s1

juniperjunosMatch17.4r2-s10

juniperjunosMatch17.4r2-s2

juniperjunosMatch17.4r2-s3

juniperjunosMatch17.4r2-s4

juniperjunosMatch17.4r2-s5

juniperjunosMatch17.4r2-s6

juniperjunosMatch17.4r2-s7

juniperjunosMatch17.4r2-s8

juniperjunosMatch17.4r2-s9

juniperjunosMatch17.4r3

juniperjunosMatch17.4r3-s1

juniperjunosMatch18.1-

juniperjunosMatch18.1r1

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.1r3-s8

juniperjunosMatch18.1r3-s9

juniperjunosMatch18.2-

juniperjunosMatch18.2r1

juniperjunosMatch18.2r1-

juniperjunosMatch18.2r1-s3

juniperjunosMatch18.2r1-s4

juniperjunosMatch18.2r1-s5

juniperjunosMatch18.2r2

juniperjunosMatch18.2r2-s1

juniperjunosMatch18.2r2-s2

juniperjunosMatch18.2r2-s3

juniperjunosMatch18.2r2-s4

juniperjunosMatch18.2r2-s5

juniperjunosMatch18.2r3

juniperjunosMatch18.2r3-s1

juniperjunosMatch18.2r3-s2

juniperjunosMatch18.2x75-

juniperjunosMatch18.2x75d20

juniperjunosMatch18.2x75d30

juniperjunosMatch18.2x75d40

juniperjunosMatch18.3-

juniperjunosMatch18.3r1

juniperjunosMatch18.3r1-s1

juniperjunosMatch18.3r1-s2

juniperjunosMatch18.3r1-s3

juniperjunosMatch18.3r1-s5

juniperjunosMatch18.3r1-s6

juniperjunosMatch18.3r2

juniperjunosMatch18.3r2-s1

juniperjunosMatch18.3r2-s2

juniperjunosMatch18.3r2-s3

juniperjunosMatch18.3r3

juniperjunosMatch18.4-

juniperjunosMatch18.4r1

juniperjunosMatch18.4r1-s1

juniperjunosMatch18.4r1-s2

juniperjunosMatch18.4r1-s5

juniperjunosMatch18.4r1-s6

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s2

juniperjunosMatch18.4r2-s3

juniperjunosMatch19.1-

juniperjunosMatch19.1r1

juniperjunosMatch19.1r1-s1

juniperjunosMatch19.1r1-s2

juniperjunosMatch19.1r1-s3

juniperjunosMatch19.1r1-s4

juniperjunosMatch19.1r2

juniperjunosMatch19.2-

juniperjunosMatch19.2r1

juniperjunosMatch19.2r1-s1

juniperjunosMatch19.2r1-s2

juniperjunosMatch19.2r1-s3

juniperjunosMatch19.3-

juniperjunosMatch19.3r1

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

AND

junipermx10Match-

junipermx10000Match-

junipermx10003Match-

junipermx104Match-

junipermx150Match-

junipermx2008Match-

junipermx2010Match-

junipermx2020Match-

junipermx204Match-

junipermx240Match-

junipermx40Match-

junipermx480Match-

junipermx5Match-

junipermx80Match-

junipermx960Match-

CPENameOperatorVersion
juniper:junosjuniper junoseq17.2
juniper:junosjuniper junoseq17.3
juniper:junosjuniper junoseq17.4
juniper:junosjuniper junoseq18.1
juniper:junosjuniper junoseq18.2
juniper:junosjuniper junoseq18.2x75
juniper:junosjuniper junoseq18.3
juniper:junosjuniper junoseq18.4
juniper:junosjuniper junoseq19.1
juniper:junosjuniper junoseq19.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	17.2
juniper:junos	juniper junos	eq	17.3
juniper:junos	juniper junos	eq	17.4
juniper:junos	juniper junos	eq	18.1
juniper:junos	juniper junos	eq	18.2
juniper:junos	juniper junos	eq	18.2x75
juniper:junos	juniper junos	eq	18.3
juniper:junos	juniper junos	eq	18.4
juniper:junos	juniper junos	eq	19.1
juniper:junos	juniper junos	eq	19.2

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "platforms": [
      "MX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.2",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R3-S4",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S8",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S10, 17.4R3-S2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S10",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R3-S3",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D41, 18.2X75-D430, 18.2X75-D65",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S7, 18.3R2-S4, 18.3R3-S1",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S4, 19.2R2",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R2-S2, 19.3R3",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11041

www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for CVE-2020-1655

nessus1 prion1 cvelist1 nvd1