Vulnerability-Lookup

BDU:2020-05757

Vulnerability from fstec - Published: 14.10.2020

Title

Уязвимость модуля Kernel Routing Table (KRT) операционной системы Junos, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость модуля Kernel Routing Table (KRT) операционной системы Junos существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

до 17.2X75-D105 (JunOS), до 18.1R3-S11 (JunOS), до 18.2R3-S5 (JunOS), до 18.2X75-D420 (JunOS), до 18.2X75-D53 (JunOS), до 18.2X75-D65 (JunOS), до 18.3R2-S4 (JunOS), до 18.3R3-S3 (JunOS), до 18.4R1-S7 (JunOS), до 18.4R3-S4 (JunOS), до 19.1R2-S2 (JunOS), до 19.1R3-S2 (JunOS), до 19.2R1-S5 (JunOS), до 19.3R2-S3 (JunOS), до 19.3R3 (JunOS), до 19.4R1-S2 (JunOS), до 19.4R2-S1 (JunOS), до 19.4R3 (JunOS), до 20.1R1-S2 (JunOS), до 20.1R2 (JunOS)

Possible Mitigations

Использование рекомендаций производителя: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11076&cat=SIRT_1&actp=LIST

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11076&cat=SIRT_1&actp=LIST https://nvd.nist.gov/vuln/detail/CVE-2020-1679

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.2X75-D105 (JunOS), \u0434\u043e 18.1R3-S11 (JunOS), \u0434\u043e 18.2R3-S5 (JunOS), \u0434\u043e 18.2X75-D420 (JunOS), \u0434\u043e 18.2X75-D53 (JunOS), \u0434\u043e 18.2X75-D65 (JunOS), \u0434\u043e 18.3R2-S4 (JunOS), \u0434\u043e 18.3R3-S3 (JunOS), \u0434\u043e 18.4R1-S7 (JunOS), \u0434\u043e 18.4R3-S4 (JunOS), \u0434\u043e 19.1R2-S2 (JunOS), \u0434\u043e 19.1R3-S2 (JunOS), \u0434\u043e 19.2R1-S5 (JunOS), \u0434\u043e 19.3R2-S3 (JunOS), \u0434\u043e 19.3R3 (JunOS), \u0434\u043e 19.4R1-S2 (JunOS), \u0434\u043e 19.4R2-S1 (JunOS), \u0434\u043e 19.4R3 (JunOS), \u0434\u043e 20.1R1-S2 (JunOS), \u0434\u043e 20.1R2 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11076\u0026cat=SIRT_1\u0026actp=LIST",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.10.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.12.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-05757",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-1679",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS 17.2X75 PTX Series, Juniper Networks Inc. JunOS 17.2X75 QFX series, Juniper Networks Inc. JunOS 18.1 PTX Series, Juniper Networks Inc. JunOS 18.1 QFX series, Juniper Networks Inc. JunOS 18.2 PTX Series, Juniper Networks Inc. JunOS 18.2 QFX series, Juniper Networks Inc. JunOS 18.2X75 PTX Series, Juniper Networks Inc. JunOS 18.2X75 QFX series, Juniper Networks Inc. JunOS 18.3 QFX series, Juniper Networks Inc. JunOS 18.3 PTX Series, Juniper Networks Inc. JunOS 18.4 PTX Series, Juniper Networks Inc. JunOS 18.4 QFX series, Juniper Networks Inc. JunOS 19.1 PTX Series, Juniper Networks Inc. JunOS 19.1 QFX series, Juniper Networks Inc. JunOS 19.2 PTX Series, Juniper Networks Inc. JunOS 19.2 QFX series, Juniper Networks Inc. JunOS 19.3 PTX Series, Juniper Networks Inc. JunOS 19.3 QFX series, Juniper Networks Inc. JunOS 19.4 QFX series, Juniper Networks Inc. JunOS 19.4 PTX Series, Juniper Networks Inc. JunOS 20.1 PTX Series, Juniper Networks Inc. JunOS 20.1 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D105 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D105 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.1R3-S11 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.1R3-S11 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.2R3-S5 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.2R3-S5 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D420 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D420 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D53 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D53 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D65 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D65 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.3R2-S4 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.3R2-S4 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.3R3-S3 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.3R3-S3 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.4R1-S7 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.4R1-S7 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 18.4R3-S4 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 18.4R3-S4 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.1R2-S2 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.1R2-S2 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.1R3-S2 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.1R3-S2 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S5 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S5 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.3R2-S3 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.3R2-S3 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R1-S2 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R1-S2 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S1 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S1 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 20.1R1-S2 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 20.1R1-S2 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 PTX Series, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 QFX series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f Kernel Routing Table (KRT) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Junos, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f Kernel Routing Table (KRT) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Junos \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11076\u0026cat=SIRT_1\u0026actp=LIST\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1679",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2020-1679 (GCVE-0-2020-1679)

Vulnerability from cvelistv5 – Published: 2020-10-16 20:31 – Updated: 2024-09-16 19:19

Title

Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.

Summary

On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

juniper

References

1 reference

URL	Tags
https://kb.juniper.net/JSA11076	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Juniper Networks	Junos OS	Unaffected: unspecified , < 18.1R1 (custom) Affected: 17.2X75 , < 17.2X75-D105 (custom) Affected: 18.1 , < 18.1R3-S11 (custom) Affected: 18.2 , < 18.2R3-S5 (custom) Affected: 18.2X75 , < 18.2X75-D420, 18.2X75-D53, 18.2X75-D65 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S3 (custom) Affected: 18.4 , < 18.4R1-S7, 18.4R2-S5, 18.4R3-S4 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3-S2 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R3 (custom) Affected: 19.3 , < 19.3R2-S3, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S2, 19.4R2-S1, 19.4R3 (custom) Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom)

Date Public

2020-10-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11076"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "PTX, QFX"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.1R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2X75-D105",
              "status": "affected",
              "version": "17.2X75",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S11",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S5",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2X75-D420, 18.2X75-D53, 18.2X75-D65",
              "status": "affected",
              "version": "18.2X75",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R2-S4, 18.3R3-S3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S7, 18.4R2-S5, 18.4R3-S4",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R2-S2, 19.1R3-S2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S5, 19.2R3",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S3, 19.3R3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S2, 19.4R2-S1, 19.4R3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R1-S2, 20.1R2",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The examples of the configuration stanza affected by this issue are as follows:\n  [services flow-monitoring version9 template \u003ctemplate_name\u003e tunnel-observation mpls-over-udp]\nor\n  [services flow-monitoring version-ipfix template \u003ctemplate_name\u003e tunnel-observation mpls-over-udp]"
        }
      ],
      "datePublic": "2020-10-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device \u003e show krt state ... Number of async queue entries: 65007 \u003c--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T20:31:34.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11076"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2X75-D105, 18.1R3-S11, 18.2R3-S5, 18.2X75-D420, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11076",
        "defect": [
          "1495788"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable sampling on all the interfaces will prevent the issue from occurring.\n\nIf the device is experiencing the issue, the administrator can perform the follow steps to restore KRT queue:\n1. Disable sampling configuration on this FPC\n  user@device\u003e deactivate chassis fpc\u003cslot-no\u003e sampling-instance \u003cinstance-name\u003e\n2. Restart multi-svcs process on this FPC by killing the process. The multi-svcs will get stared  automatically once it gets killed and resume normal processing."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
          "ID": "CVE-2020-1679",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "17.2X75",
                            "version_value": "17.2X75-D105"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S11"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S5"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D420, 18.2X75-D53, 18.2X75-D65"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R2-S4, 18.3R3-S3"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S7, 18.4R2-S5, 18.4R3-S4"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R2-S2, 19.1R3-S2"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S5, 19.2R3"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S3, 19.3R3"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S2, 19.4R2-S1, 19.4R3"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R1-S2, 20.1R2"
                          },
                          {
                            "platform": "PTX, QFX",
                            "version_affected": "!\u003c",
                            "version_value": "18.1R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The examples of the configuration stanza affected by this issue are as follows:\n  [services flow-monitoring version9 template \u003ctemplate_name\u003e tunnel-observation mpls-over-udp]\nor\n  [services flow-monitoring version-ipfix template \u003ctemplate_name\u003e tunnel-observation mpls-over-udp]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device \u003e show krt state ... Number of async queue entries: 65007 \u003c--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11076",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11076"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2X75-D105, 18.1R3-S11, 18.2R3-S5, 18.2X75-D420, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11076",
          "defect": [
            "1495788"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable sampling on all the interfaces will prevent the issue from occurring.\n\nIf the device is experiencing the issue, the administrator can perform the follow steps to restore KRT queue:\n1. Disable sampling configuration on this FPC\n  user@device\u003e deactivate chassis fpc\u003cslot-no\u003e sampling-instance \u003cinstance-name\u003e\n2. Restart multi-svcs process on this FPC by killing the process. The multi-svcs will get stared  automatically once it gets killed and resume normal processing."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1679",
    "datePublished": "2020-10-16T20:31:34.109Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:19:08.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-05757

CVE-2020-1679 (GCVE-0-2020-1679)

Tags

Sightings

Nomenclature