CVE-2020-1644 Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets

🗓️ 17 Jul 2020 18:40:40Reported by juniperType

Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets. Internal counter incremented incorrectly leading to RPD crash and restart

Reporter	Title	Published	Views	Family All 6
BDU FSTEC	The vulnerability of the Routing Protocols Daemon (RPD) implementation in JunOS and JunOS Evolved operating systems allows a hacker to induce a service failure.	13 Apr 202100:00	–	bdu_fstec
CVE	CVE-2020-1644	17 Jul 202018:40	–	cve
EUVD	EUVD-2020-12509	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper Junos RPD Crash DoS (JSA11032)	24 Jul 202000:00	–	nessus
NVD	CVE-2020-1644	17 Jul 202019:15	–	nvd
Prion	Code injection	17 Jul 202019:15	–	prion

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThanOrEqual": "17.3R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2X75-D105.19",
        "status": "affected",
        "version": "17.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S8",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S10, 17.4R3-S2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S10",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2-S7, 18.2R3-S4",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2-S4, 18.3R3-S2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S5, 19.2R2",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R2-S2, 19.3R3",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R1-S2, 19.4R2",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "19.2-EVO"
      },
      {
        "status": "affected",
        "version": "19.3-EVO"
      },
      {
        "status": "affected",
        "version": "19.4-EVO"
      },
      {
        "lessThan": "20.1R2-EVO",
        "status": "affected",
        "version": "20.1-EVO",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA11032

17 Jul 2020 18:40Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00389

CWE-703