Vulnerability CVE-2020-1650 - CERT Civis.Net

Vulnerability Name:

CVE-2020-1650 (CCN-184762)

Assigned:

2019-11-04

Published:

2020-07-08

Updated:

2021-07-21

Summary:

On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.); 17.4R3; 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8; 18.2R3, 18.2R3-S1, 18.2R3-S2; 18.3R2 and the SRs based on 18.3R2; 18.4R2 and the SRs based on 18.4R2; 19.1R1 and the SRs based on 19.1R1; 19.2R1 and the SRs based on 19.2R1; 19.3R1 and the SRs based on 19.3R1.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-1650

Source: XF
Type: UNKNOWN
juniper-cve20201650-dos(184762)

Source: CCN
Type: Juniper Networks Security Bulletin JSA11037
Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2020-1650)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/JSA11037

Vulnerable Configuration:

Configuration 1:

cpe:/o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.3:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.4:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.3:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*

AND

cpe:/h:juniper:mx10:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10003:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx104:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx150:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2008:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2010:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2020:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx204:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx240:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx40:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx5:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx80:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx480:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx960:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:juniper:junos:17.2:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.3:-:*:*:*:*:*:*

OR cpe:/a:juniper:junos:18.1:-:*:*:*:*:*:*

OR cpe:/a:juniper:junos:18.2:*:*:*:*:*:*:*

OR cpe:/o:juniper:junos:17.4:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.3:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:18.4:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.1:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.2:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.3:-:*:*:*:*:*:*

Denotes that component is vulnerable