Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-1640

Published: 17/07/2020 Updated: 24/07/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Junos

Vulnerability Summary

An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an malicious user to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions before 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions before 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions before 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions before 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions before 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions before 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions before 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions before 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions before 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions before 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions before 19.3R2-S3, 19.3R3; 19.4 versions before 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions before 20.1R1-S1, 20.1R2. This issue does not affect Junos OS before 16.1R1. This issue affects IPv4 and IPv6 traffic.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

juniper junos 16.1

juniper junos 17.3

juniper junos 17.4

juniper junos 18.1

juniper junos 18.2

juniper junos 18.2x75

juniper junos 18.3

juniper junos 18.4

juniper junos 19.1

juniper junos 19.2

juniper junos 19.3

juniper junos 19.4

juniper junos 20.1

References

CWE-20https://kb.juniper.net/JSA11024https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook