admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-17 19:01:36 +00:00
parent f79b18638c
commit 704b2f564a
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 96 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/15xxx/CVE-2020-15813.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the \"Allow self-signed certificates\" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Graylog2/graylog2-server/issues/5906",
"refsource": "MISC",
"name": "https://github.com/Graylog2/graylog2-server/issues/5906"
}
]
}

18
2020/15xxx/CVE-2020-15814.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2020/1xxx/CVE-2020-1640.json
View File

@ -148,7 +148,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required.\n\nThis issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. \n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8;\n17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8;\n17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10;\n18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5;\n18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) \n18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2);\n19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2;\n19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3;\n20.1 versions prior to 20.1R1-S1, 20.1R2.\n\nThis issue does not affect Junos OS prior to 16.1R1.\n\nThis issue affects IPv4 and IPv6 traffic. "
"value": "An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. This issue affects IPv4 and IPv6 traffic."
}
]
},
@ -200,8 +200,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11024"
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11024",
"name": "https://kb.juniper.net/JSA11024"
}
]
},

7
2020/1xxx/CVE-2020-1641.json
View File

@ -119,7 +119,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes.\n\nAn indicator of compromise is to evaluate log file details for lldp with RLIMIT. \nIntervention should occur before 85% threshold of used KB versus maximum available KB memory is reached.\n\n show log messages | match RLIMIT | match lldp | last 20 \n \nMatching statement is \" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: \" with [] as variable data to evaluate for. \n\n\n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D95;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S7;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S3;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S6;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R2-S7, 18.2R3;\n18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2."
"value": "A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is \" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: \" with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
@ -171,8 +171,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11027"
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11027",
"name": "https://kb.juniper.net/JSA11027"
}
]
},

2
2020/1xxx/CVE-2020-1643.json
View File

@ -109,7 +109,7 @@
"description_data": [
{
"lang": "eng",
"value": "Execution of the \"show ospf interface extensive\" or \"show ospf interface detail\" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service.\n\nNote: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example:\n\nARM (vulnerable):\n % uname -a | awk '{print $NF}'\n arm\n\nPowerPC (not vulnerable):\n % uname -a | awk '{print $NF}'\n powerpc\n\nAMD (not vulnerable):\n % uname -a | awk '{print $NF}'\n amd64\n\nIntel (not vulnerable):\n % uname -a | awk '{print $NF}'\n i386\n\nThis issue affects Juniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D100;\n14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54;\n15.1 versions prior to 15.1R7-S7;\n15.1X49 versions prior to 15.1X49-D210;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S8;\n17.1 versions prior to 17.1R2-S12;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2, 18.3R2."
"value": "Execution of the \"show ospf interface extensive\" or \"show ospf interface detail\" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example: ARM (vulnerable): % uname -a | awk '{print $NF}' arm PowerPC (not vulnerable): % uname -a | awk '{print $NF}' powerpc AMD (not vulnerable): % uname -a | awk '{print $NF}' amd64 Intel (not vulnerable): % uname -a | awk '{print $NF}' i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2."
}
]
},

2
2020/1xxx/CVE-2020-1644.json
View File

@ -124,7 +124,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart.\n\nThis issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network.\n\n\nThis issue affects:\nJuniper Networks Junos OS:\n17.2X75 versions prior to 17.2X75-D105.19;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S10, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S4;\n18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S2, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2.\n\nJuniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.\n"
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1."
}
]
},

2
2020/1xxx/CVE-2020-1645.json
View File

@ -104,7 +104,7 @@
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process.\n\nIf the issue occurs, system core-dumps output will show a crash of mspmand process:\n root@device> show system core-dumps\n -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz\n\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S8;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R2-S2, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.3R2."
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2."
}
]
},

2
2020/1xxx/CVE-2020-1646.json
View File

@ -64,7 +64,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart.\n\nThis issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer.\nThis issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer.\nHowever, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer.\n\nRepeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7.\nJuniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO.\n\nOther Junos OS releases are not affected."
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."
}
]
},

2
2020/1xxx/CVE-2020-1647.json
View File

@ -86,7 +86,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message.\n\nContinued processing of this specific HTTP message may result in an extended Denial of Service (DoS).\n\nThe offending HTTP message that causes this issue may originate both from the HTTP server or the client.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.1 versions prior to 18.1R3-S9;\n18.2 versions prior to 18.2R3-S3;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2;\n19.3 versions prior to 19.3R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},

2
2020/1xxx/CVE-2020-1648.json
View File

@ -85,7 +85,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart.\n\nThis issue can occur even before the BGP session with the peer is established.\n\nRepeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS:\n18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70;\n19.4 versions 19.4R1 and 19.4R1-S1;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nJuniper Networks Junos OS Evolved:\n19.4-EVO versions prior to 19.4R2-S2-EVO;\n20.1-EVO versions prior to 20.1R2-EVO.\n\nThis issue does not affect:\nJuniper Networks Junos OS releases prior to 19.4R1.\nJuniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},

2
2020/1xxx/CVE-2020-1649.json
View File

@ -110,7 +110,7 @@
"description_data": [
{
"lang": "eng",
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages:\n\n [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29\n [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0\n [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0\n [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1\n [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error\n [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n\nBy continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).\n\n\n\nThis issue affects Juniper Networks Junos OS:\n17.2 versions prior to 17.2R3-S4 on MX Series;\n17.3 versions prior to 17.3R3-S8 on MX Series;\n17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series;\n18.1 versions prior to 18.1R3-S10 on MX Series;\n18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series;\n18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series;\n19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series;\n19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series;\n19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.\n\nThis issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.\n\n"
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0 [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1 [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability."
}
]
},

2
2020/1xxx/CVE-2020-1650.json
View File

@ -129,7 +129,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC.\n\nBy continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service.\n\nThis issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured.\nThis issue affects Juniper Networks Junos OS on MX Series:\n17.2R2-S7;\n17.3R3-S4, 17.3R3-S5;\n17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.);\n17.4R3;\n18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8;\n18.2R3, 18.2R3-S1, 18.2R3-S2;\n18.3R2 and the SRs based on 18.3R2;\n18.4R2 and the SRs based on 18.4R2;\n19.1R1 and the SRs based on 19.1R1;\n19.2R1 and the SRs based on 19.2R1;\n19.3R1 and the SRs based on 19.3R1."
"value": "On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.); 17.4R3; 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8; 18.2R3, 18.2R3-S1, 18.2R3-S2; 18.3R2 and the SRs based on 18.3R2; 18.4R2 and the SRs based on 18.4R2; 19.1R1 and the SRs based on 19.1R1; 19.2R1 and the SRs based on 19.2R1; 19.3R1 and the SRs based on 19.3R1."
}
]
},

2
2020/1xxx/CVE-2020-1651.json
View File

@ -74,7 +74,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption.\n\nBy continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS).\nThis issue affects Juniper Networks Junos OS on MX Series:\n17.2 versions prior to 17.2R3-S4;\n17.2X75 versions prior to 17.2X75-D105.19;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R1-S3, 17.4R2;\n18.1 versions prior to 18.1R2.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.2R1."
"value": "On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1."
}
]
},

5
2020/1xxx/CVE-2020-1652.json
View File

@ -82,8 +82,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/"
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
}
]
},

2
2020/1xxx/CVE-2020-1653.json
View File

@ -87,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore).\n\nThis issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets.\n\nThis issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1.\nHowever, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing].\n\nThe number of mbufs is platform dependent.\nThe following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform:\n user@host> show system buffers \n 2437/3143/5580 mbufs in use (current/cache/total)\n\nOnce the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart.\n\nThis issue affects Juniper Networks Junos OS\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S5;\n18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2.\n\nVersions of Junos OS prior to 17.4R1 are unaffected by this vulnerability."
"value": "On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability."
}
]
},

2
2020/1xxx/CVE-2020-1654.json
View File

@ -87,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE)\n\nContinued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition.\n\nThe offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client.\n\n\n\n\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.1 versions prior to 18.1R3-S9 ;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S3;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3;\n19.1 versions prior to 19.1R1-S5, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2;\n19.3 versions prior to 19.3R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},

12
2020/1xxx/CVE-2020-1655.json
View File

@ -110,7 +110,7 @@
"description_data": [
{
"lang": "eng",
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages:\n\n [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29\n [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0\n [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0\n [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3\n [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0\n [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error\n [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n\nBy continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).\n\nThis issue affects Juniper Networks Junos OS:\n17.2 versions prior to 17.2R3-S4 on MX Series;\n17.3 versions prior to 17.3R3-S8 on MX Series;\n17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series;\n18.1 versions prior to 18.1R3-S10 on MX Series;\n18.2 versions prior to 18.2R3-S3 on MX Series;\n18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series;\n19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series;\n19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.\n\nThis issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.\n"
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability."
}
]
},
@ -153,15 +153,15 @@
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11041",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11041"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html"
},
{
"name": "https://kb.juniper.net/JSA11041",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11041"
}
]
},