Published: 11/07/2019 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions before 16.1R7-S3; 16.2 versions before 16.2R2-S9; 17.1 versions before 17.1R3; 17.2 versions before 17.2R3; 17.2X75 versions before 17.2X75-D105; 17.3 versions before 17.3R3-S2; 17.4 versions before 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions before 18.1R3-S2; 18.2 versions before 18.2R2; 18.2X75 versions before 18.2X75-D12, 18.2X75-D30; 18.3 versions before 18.3R1-S4, 18.3R2. Junos OS releases before 16.1R1 are not affected.

Vulnerability Trend

Affected Products

Vendor Product Versions
JuniperJunos16.1, 16.2, 17.1, 17.2, 17.2x75, 17.3, 17.4, 18.1, 18.2, 18.2x75, 18.3