Vulnerability-Lookup

BDU:2020-04563

Vulnerability from fstec - Published: 08.04.2020

Title

Уязвимость модуля FPC операционных систем JunOS и JunOS Evolved, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость модуля FPC операционных систем JunOS и JunOS Evolved существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

Junos OS Evolved, JunOS

Software Version

до 19.4R2-EVO (Junos OS Evolved), до 19.2R1-S4 (JunOS), до 19.2R2 (JunOS), до 19.3R2-S2 (JunOS), до 19.3R3 (JunOS), до 19.4R1-S1 (JunOS), до 19.4R2 (JunOS), до 19.3-EVO (Junos OS Evolved), до 19.2-EVO (Junos OS Evolved)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/JSA11019

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11019&cat=SIRT_1&actp=LIST https://kb.juniper.net/JSA11019 https://nvd.nist.gov/vuln/detail/CVE-2020-1638

CWE

CWE-20, CWE-467

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 19.4R2-EVO (Junos OS Evolved), \u0434\u043e 19.2R1-S4 (JunOS), \u0434\u043e 19.2R2 (JunOS), \u0434\u043e 19.3R2-S2 (JunOS), \u0434\u043e 19.3R3 (JunOS), \u0434\u043e 19.4R1-S1 (JunOS), \u0434\u043e 19.4R2 (JunOS), \u0434\u043e 19.3-EVO (Junos OS Evolved), \u0434\u043e 19.2-EVO (Junos OS Evolved)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.juniper.net/JSA11019",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04563",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-1638",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Junos OS Evolved, JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R1-S4 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R1-S4 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R1-S4 PTX10001, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.2 \u0434\u043e 19.2R2 PTX10001, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R2-S2 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R2-S2 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R2-S2 PTX10001, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.3 \u0434\u043e 19.3R3 PTX10001, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R1-S1 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R1-S1 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R1-S1 PTX10001, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2 MPC10E, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2 MPC11E, Juniper Networks Inc. JunOS \u043e\u0442 19.4 \u0434\u043e 19.4R2 PTX10001, Juniper Networks Inc. Junos OS Evolved 19.2-EVO QFX5200, Juniper Networks Inc. Junos OS Evolved 19.2-EVO PTX10003, Juniper Networks Inc. Junos OS Evolved 19.3-EVO QFX5200, Juniper Networks Inc. Junos OS Evolved 19.3-EVO PTX10003, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.4R2-EVO QFX5200, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.4R2-EVO PTX10003, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S4 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S4 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S4 PTX10001, Juniper Networks Inc. JunOS \u0434\u043e 19.2R2 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.2R2 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.2R2 PTX10001, Juniper Networks Inc. JunOS \u0434\u043e 19.3R2-S2 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.3R2-S2 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.3R2-S2 PTX10001, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3 PTX10001, Juniper Networks Inc. JunOS \u0434\u043e 19.4R1-S1 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.4R1-S1 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.4R1-S1 PTX10001, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2 MPC10E, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2 MPC11E, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2 PTX10001, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.3-EVO PTX10003, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.2-EVO PTX10003, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.2-EVO QFX5220, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.3-EVO QFX5220, Juniper Networks Inc. Junos OS Evolved \u0434\u043e 19.4R2-EVO QFX5220",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f FPC \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c JunOS \u0438 JunOS Evolved, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 sizeof() \u043d\u0430 \u0442\u0438\u043f\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f (CWE-467)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f FPC \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c JunOS \u0438 JunOS Evolved \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11019\u0026cat=SIRT_1\u0026actp=LIST\nhttps://kb.juniper.net/JSA11019\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1638",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-467",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2020-1638 (GCVE-0-2020-1638)

Vulnerability from cvelistv5 – Published: 2020-04-08 19:26 – Updated: 2024-09-17 02:53

Title

Junos OS & Junos OS Evolved: A specific IPv4 packet can lead to FPC restart.

Summary

The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-467 - Use of sizeof() on a Pointer Type

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11019

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 19.2 , < 19.2R1-S4, 19.2R2 (custom)
Affected: 19.3 , < 19.3R2-S2, 19.3R3 (custom)
Affected: 19.4 , < 19.4R1-S1, 19.4R2 (custom)

Juniper Networks	Junos OS	Unaffected: unspecified , < 19.2R1 (custom)
Juniper Networks	Junos OS Evolved	Affected: 19.2-EVO Affected: 19.3-EVO 19.2-EVO Affected: 19.4-EVO , < 19.4R2-EVO (custom)
Juniper Networks	Junos OS Evolved	Unaffected: unspecified , < 19.2R1-EVO (custom)

Date Public ?

2020-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:29.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "MX Series with MPC10E or MPC11E and PTX10001"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.2R1-S4, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S2, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S1, 19.4R2",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.2R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "QFX5220, and PTX10003 series"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "19.2-EVO"
            },
            {
              "status": "affected",
              "version": "19.3-EVO 19.2-EVO"
            },
            {
              "lessThan": "19.4R2-EVO",
              "status": "affected",
              "version": "19.4-EVO",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.2R1-EVO",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-467",
              "description": "CWE-467: Use of sizeof() on a Pointer Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T19:26:01.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11019"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.2R1-S4, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11019",
        "defect": [
          "1493176"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS \u0026 Junos OS Evolved: A specific IPv4 packet can lead to FPC restart.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no workaround for this issue.\n\nStandard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
          "ID": "CVE-2020-1638",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS \u0026 Junos OS Evolved: A specific IPv4 packet can lead to FPC restart."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "MX Series with MPC10E or MPC11E and PTX10001",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S4, 19.2R2"
                          },
                          {
                            "platform": "MX Series with MPC10E or MPC11E and PTX10001",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S2, 19.3R3"
                          },
                          {
                            "platform": "MX Series with MPC10E or MPC11E and PTX10001",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S1, 19.4R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "19.2R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS Evolved",
                      "version": {
                        "version_data": [
                          {
                            "platform": "QFX5220, and PTX10003 series",
                            "version_affected": "=",
                            "version_name": "19.2-EVO",
                            "version_value": "19.2-EVO"
                          },
                          {
                            "platform": "QFX5220, and PTX10003 series",
                            "version_affected": "=",
                            "version_name": "19.3-EVO",
                            "version_value": "19.2-EVO"
                          },
                          {
                            "platform": "QFX5220, and PTX10003 series",
                            "version_affected": "\u003c",
                            "version_name": "19.4-EVO",
                            "version_value": "19.4R2-EVO"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "19.2R1-EVO"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-467: Use of sizeof() on a Pointer Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11019",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11019"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.2R1-S4, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11019",
          "defect": [
            "1493176"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There is no workaround for this issue.\n\nStandard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1638",
    "datePublished": "2020-04-08T19:26:01.632Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:53:25.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-04563

CVE-2020-1638 (GCVE-0-2020-1638)

Tags

Sightings

Nomenclature