CVE-2020-1662

Published: Oct 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: sirt@juniper.net (Secondary)

Description

On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.

Affected (59)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

59 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2 r3-s3
Juniper Junos	Version 17.3 r3-s3
Juniper Junos	Version 17.3 r3-s4
Juniper Junos	Version 17.3 r3-s7
Juniper Junos	Version 17.4 r2-s4
Juniper Junos	Version 17.4 r2-s5
Juniper Junos	Version 17.4 r2-s6
Juniper Junos	Version 17.4 r2-s7
Juniper Junos	Version 17.4 r2-s8
Juniper Junos	Version 17.4 r2-s9
Juniper Junos	Version 17.4 r3-s1
Juniper Junos	Version 17.4 r3
Juniper Junos	Version 18.1 r3-s6
Juniper Junos	Version 18.1 r3-s7
Juniper Junos	Version 18.1 r3-s8
Juniper Junos	Version 18.1 r3-s9
Juniper Junos	Version 18.2 r3-s1
Juniper Junos	Version 18.2 r3-s2
Juniper Junos	Version 18.2 r3-s3
Juniper Junos	Version 18.2 r3
Juniper Junos	Version 18.2x75 d50
Juniper Junos	Version 18.2x75 d51
Juniper Junos	Version 18.2x75 d60
Juniper Junos	Version 18.3 r2-s1
Juniper Junos	Version 18.3 r2-s2
Juniper Junos	Version 18.3 r2-s3
Juniper Junos	Version 18.3 r2
Juniper Junos	Version 18.3 r3-s1
Juniper Junos	Version 18.3 r3
Juniper Junos	Version 18.4 r2-s1
Juniper Junos	Version 18.4 r2-s2
Juniper Junos	Version 18.4 r2-s3
Juniper Junos	Version 18.4 r2-s4
Juniper Junos	Version 18.4 r2
Juniper Junos	Version 18.4 r3-s1
Juniper Junos	Version 18.4 r3
Juniper Junos	Version 19.1 r1-s1
Juniper Junos	Version 19.1 r1-s2
Juniper Junos	Version 19.1 r1-s3
Juniper Junos	Version 19.1 r1-s4
Juniper Junos	Version 19.1 r1
Juniper Junos	Version 19.1 r2-s1
Juniper Junos	Version 19.1 r2
Juniper Junos	Version 19.1 r3
Juniper Junos	Version 19.2 r1-s1
Juniper Junos	Version 19.2 r1-s2
Juniper Junos	Version 19.2 r1-s3
Juniper Junos	Version 19.2 r1
Juniper Junos	Version 19.3
Juniper Junos	Version 19.3 r1-s1
Juniper Junos	Version 19.3 r1
Juniper Junos	Version 19.3 r2-s1
Juniper Junos	Version 19.3 r2-s2
Juniper Junos	Version 19.3 r2
Juniper Junos	Version 19.4 r1-s1
Juniper Junos	Version 19.4 r1-s2
Juniper Junos	Version 19.4 r1
Juniper Junos	Version 20.1 r1-s1
Juniper Junos	Version 20.1 r1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://kb.juniper.net/JSA11059

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11059

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.