CVE-2020-1662 - Vulnerability Details

Vendors	Products
Juniper	Junos

Source	ID	Title
EUVD	EUVD-2020-12525	On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.

Link	Providers
https://kb.juniper.net/JSA11059

{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "17.2R3-S3"}, {"lessThan": "17.2R3-S3", "status": "unaffected", "version": "unspecified", "versionType": "custom"}, {"changes": [{"at": "17.3R3-S8", "status": "unaffected"}], "lessThan": "17.3*", "status": "affected", "version": "17.3R3-S3", "versionType": "custom"}, {"changes": [{"at": "17.4R2-S10, 17.4R3-S2", "status": "unaffected"}], "lessThan": "17.4*", "status": "affected", "version": "17.4R2-S4, 17.4R3", "versionType": "custom"}, {"changes": [{"at": "18.1R3-S10", "status": "unaffected"}], "lessThan": "18.1*", "status": "affected", "version": "18.1R3-S6", "versionType": "custom"}, {"changes": [{"at": "18.2R3-S4", "status": "unaffected"}], "lessThan": "18.2*", "status": "affected", "version": "18.2R3", "versionType": "custom"}, {"changes": [{"at": "18.2X75-D53, 18.2X75-D65", "status": "unaffected"}], "lessThan": "18.2X75*", "status": "affected", "version": "18.2X75-D50, 18.2X75-D60", "versionType": "custom"}, {"changes": [{"at": "18.3R2-S4, 18.3R3-S2", "status": "unaffected"}], "lessThan": "18.3*", "status": "affected", "version": "18.3R2", "versionType": "custom"}, {"changes": [{"at": "18.4R2-S5, 18.4R3-S2", "status": "unaffected"}], "lessThan": "18.4*", "status": "affected", "version": "18.4R2", "versionType": "custom"}, {"changes": [{"at": "19.1R2-S2, 19.1R3-S1", "status": "unaffected"}], "lessThan": "19.1*", "status": "affected", "version": "19.1R1", "versionType": "custom"}, {"changes": [{"at": "19.2R1-S5, 19.2R2", "status": "unaffected"}], "lessThan": "19.2*", "status": "affected", "version": "19.2R1", "versionType": "custom"}, {"lessThan": "19.3R2-S3, 19.3R3", "status": "affected", "version": "19.3", "versionType": "custom"}, {"lessThan": "19.4R1-S3, 19.4R2", "status": "affected", "version": "19.4", "versionType": "custom"}, {"lessThan": "20.1R1-S2, 20.1R2", "status": "affected", "version": "20.1", "versionType": "custom"}]}, {"product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "19.4-EVO"}, {"lessThan": "20.1R2-EVO", "status": "affected", "version": "20.1-EVO", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols bgp damping]\n\nused in combination with accepted-prefix-limit configuration:\n [protocols bgp ... accepted-prefix-limit]"}], "datePublic": "2020-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T20:31:26", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11059"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 20.1R2-EVO, and all subsequent releases."}], "source": {"advisory": "JSA11059", "defect": ["1490079"], "discovery": "USER"}, "title": "Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping.", "workarounds": [{"lang": "en", "value": "There are multiple workarounds that can be applied to prevent this issue:\n\n1. Disable BGP router flap damping.\n\n2. Replace \"accepted-prefix-limit\" with \"prefix-limit\" in the BGP configuration, for example: \n [edit protocols bgp group ${GRP} neighbor ${NEI} family ${AFI} unicast] \n + prefix-limit {\n - accepted-prefix-limit {\n\n 3. Make sure that the BGP session idle-timeout is longer than damping max-suppress time. \nIn other words, by the time a peer is eligible to establish BGP session again, no previously advertised prefixes remain suppressed.\nThe BGP session idle time out is configured under:\n [protocols bgp damping ... teardown <TEARDOWN_VALUE> idle-timeout <IDLE_TIMEOUT_VALUE>]\nThe BGP damping max-suppress time configured under:\n [protocol bgp damping... max-suppress <MAX_SUPPRES_VALUE>]\nThe <IDLE_TIMEOUT_VALUE> needs to be higher than <MAX_SUPPRES_VALUE>"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-10-14T16:00:00.000Z", "ID": "CVE-2020-1662", "STATE": "PUBLIC", "TITLE": "Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"version_affected": "=", "version_name": "17.2", "version_value": "17.2R3-S3"}, {"version_affected": ">=", "version_name": "17.3", "version_value": "17.3R3-S3"}, {"version_affected": "<", "version_name": "17.3", "version_value": "17.3R3-S8"}, {"version_affected": ">=", "version_name": "17.4", "version_value": "17.4R2-S4, 17.4R3"}, {"version_affected": "<", "version_name": "17.4", "version_value": "17.4R2-S10, 17.4R3-S2"}, {"version_affected": ">=", "version_name": "18.1", "version_value": "18.1R3-S6"}, {"version_affected": "<", "version_name": "18.1", "version_value": "18.1R3-S10"}, {"version_affected": ">=", "version_name": "18.2", "version_value": "18.2R3"}, {"version_affected": "<", "version_name": "18.2", "version_value": "18.2R3-S4"}, {"version_affected": ">=", "version_name": "18.2X75", "version_value": "18.2X75-D50, 18.2X75-D60"}, {"version_affected": "<", "version_name": "18.2X75", "version_value": "18.2X75-D53, 18.2X75-D65"}, {"version_affected": ">=", "version_name": "18.3", "version_value": "18.3R2"}, {"version_affected": "<", "version_name": "18.3", "version_value": "18.3R2-S4, 18.3R3-S2"}, {"version_affected": ">=", "version_name": "18.4", "version_value": "18.4R2"}, {"version_affected": "<", "version_name": "18.4", "version_value": "18.4R2-S5, 18.4R3-S2"}, {"version_affected": ">=", "version_name": "19.1", "version_value": "19.1R1"}, {"version_affected": "<", "version_name": "19.1", "version_value": "19.1R2-S2, 19.1R3-S1"}, {"version_affected": ">=", "version_name": "19.2", "version_value": "19.2R1"}, {"version_affected": "<", "version_name": "19.2", "version_value": "19.2R1-S5, 19.2R2"}, {"version_affected": "<", "version_name": "19.3", "version_value": "19.3R2-S3, 19.3R3"}, {"version_affected": "<", "version_name": "19.4", "version_value": "19.4R1-S3, 19.4R2"}, {"version_affected": "<", "version_name": "20.1", "version_value": "20.1R1-S2, 20.1R2"}, {"version_affected": "!<", "version_value": "17.2R3-S3"}]}}, {"product_name": "Junos OS Evolved", "version": {"version_data": [{"version_affected": "=", "version_name": "19.4-EVO", "version_value": "19.4-EVO"}, {"version_affected": "<", "version_name": "20.1-EVO", "version_value": "20.1R2-EVO"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols bgp damping]\n\nused in combination with accepted-prefix-limit configuration:\n [protocols bgp ... accepted-prefix-limit]"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11059", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11059"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 20.1R2-EVO, and all subsequent releases."}], "source": {"advisory": "JSA11059", "defect": ["1490079"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are multiple workarounds that can be applied to prevent this issue:\n\n1. Disable BGP router flap damping.\n\n2. Replace \"accepted-prefix-limit\" with \"prefix-limit\" in the BGP configuration, for example: \n [edit protocols bgp group ${GRP} neighbor ${NEI} family ${AFI} unicast] \n + prefix-limit {\n - accepted-prefix-limit {\n\n 3. Make sure that the BGP session idle-timeout is longer than damping max-suppress time. \nIn other words, by the time a peer is eligible to establish BGP session again, no previously advertised prefixes remain suppressed.\nThe BGP session idle time out is configured under:\n [protocols bgp damping ... teardown <TEARDOWN_VALUE> idle-timeout <IDLE_TIMEOUT_VALUE>]\nThe BGP damping max-suppress time configured under:\n [protocol bgp damping... max-suppress <MAX_SUPPRES_VALUE>]\nThe <IDLE_TIMEOUT_VALUE> needs to be higher than <MAX_SUPPRES_VALUE>"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:29.665Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11059"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1662", "datePublished": "2020-10-16T20:31:26.882621Z", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-09-16T19:04:48.478Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:17.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "7939BCE6-D4E8-4366-B954-32D77F21A35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "C9C703CA-9309-413A-9CD7-585277ADD32D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*", "matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*", "matchCriteriaId": "4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*", "matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*", "matchCriteriaId": "1BC6CE1C-9DD8-429E-BDC2-251D8C8674E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*", "matchCriteriaId": "63B00B4F-3E65-4CB2-807D-43908B570AE6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*", "matchCriteriaId": "8732E25A-9073-4C7B-9E89-C02368728EB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "09255363-BF79-4FC3-AADD-5FAD0902174F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "7988CE92-71D2-4EEC-B596-4A60E2C1136A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "330D176F-8DAD-440C-A623-44FA233FAB01", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*", "matchCriteriaId": "8CC5EAB8-1364-4325-9F01-BE7CC479C29D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*", "matchCriteriaId": "4E2E933A-852F-4257-860D-09638EE0D2F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*", "matchCriteriaId": "B670F988-78F2-4BC6-B7FC-E34C280F67DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2F9451C7-6466-4AC9-9A7F-90A2817AED6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "871CA952-C5EC-4A25-8EF0-C2EC484F7DE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "80E2AD65-3DAC-4618-AB73-C43EDCDC7A13", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2x75:d50:*:*:*:*:*:*", "matchCriteriaId": "EAB1E336-C92A-4A65-A3D9-F2926E76A598", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2x75:d51:*:*:*:*:*:*", "matchCriteriaId": "0F15B017-F0AB-4DB7-9718-85C97CBC19DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2x75:d60:*:*:*:*:*:*", "matchCriteriaId": "0A109959-DE76-44D3-9AE2-0106875B03A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*", "matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4EBD361C-8B4D-43EF-8B82-9FE165D8206E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "6E7539C4-6208-43EB-9A0B-4852D0CE0FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "35299B02-DC75-458D-B86D-8A0DB95B06AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*", "matchCriteriaId": "CFB29C9B-9729-43EB-AF98-AF44038DA711", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2D1FB957-54C8-428E-BC8D-2802D7F6895F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*", "matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*", "matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*", "matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*", "matchCriteriaId": "DCAB79C9-6639-4ED0-BEC9-E7C8229DF977", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "C8CF858F-84BB-4AEA-B829-FCF22C326160", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*", "matchCriteriaId": "5405F361-AB96-4477-AA0D-49B874324B39", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*", "matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "16FDE60B-7A99-4683-BC14-530B5B005F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "725D8C27-E4F8-4394-B4EC-B49B6D3C2709", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*", "matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*", "matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*", "matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*", "matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*", "matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."}, {"lang": "es", "value": "En los dispositivos Juniper Networks Junos OS y Junos OS Evolved, la interrupci\u00f3n de la sesi\u00f3n BGP puede conllevar a un bloqueo y reinicio del routing process daemon (RPD), limitando la superficie de ataque a los peers BGP configurados. Este problema solo afecta a los dispositivos con amortiguaci\u00f3n BGP en combinaci\u00f3n con la configuraci\u00f3n accepted-prefix-limit. Cuando el problema ocurre, aparecer\u00e1n los siguientes mensajes en /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover. Este problema afecta a: Juniper Networks Junos OS: versi\u00f3n 17.2R3-S3; versiones 17.3 17.3R3-S3 y versiones posteriores, anteriores a 17.3R3-S8; 17.4 versi\u00f3n 17.4R2-S4, 17.4R3 y versiones posteriores, anteriores a 17.4R2-S10, 17.4R3-S2; 18.1 versi\u00f3n 18.1R3-S6 y versiones posteriores, anteriores a 18.1R3-S10; 18.2 versi\u00f3n 18.2R3 y versiones posteriores, anteriores a 18.2R3-S4; 18.2X75 versi\u00f3n 18.2X75-D50, 18.2X75-D60 y versiones posteriores, anteriores a 18.2X75-D53, 18.2X75-D65; 18.3 versi\u00f3n 18.3R2 y versiones posteriores, anteriores a 18.3R2-S4, 18.3R3-S2; 18.4 versi\u00f3n 18.4R2 y versiones posteriores, anteriores a 18.4R2-S5, 18. 4R3-S2; 19.1 versi\u00f3n 19.1R1 y versiones posteriores, anteriores a 19.1R2-S2, 19.1R3-S1; 19.2 versi\u00f3n 19.2R1 y versiones posteriores, anteriores a 19.2R1-S5, 19.2R2; 19.3 versiones anteriores a 19.3R2-S3, 19.3R3; 19.4 versiones anteriores a 19.4R1-S3, 19.4R2; Versiones 20.1 anteriores a 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved versiones anteriores a 20.1R2-EVO. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 17.2R3-S3"}], "id": "CVE-2020-1662", "lastModified": "2024-11-21T05:11:06.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2020-10-16T21:15:12.443", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11059"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object