| Vulnerability Name: | CVE-2020-1626 (CCN-179298) | ||||||||||||
| Assigned: | 2019-11-04 | ||||||||||||
| Published: | 2020-04-08 | ||||||||||||
| Updated: | 2021-07-21 | ||||||||||||
| Summary: | A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-400 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-1626 Source: XF Type: UNKNOWN juniper-cve20201626-dos(179298) Source: CCN Type: Juniper Networks Security Bulletin JSA11005 Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets (CVE-2020-1626) Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA11005 Source: MISC Type: Third Party Advisory https://tools.ietf.org/html/rfc6192 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||