On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.
Published 2020-07-17 19:15:13
Updated 2022-01-01 17:34:53
View at NVD,   CVE.org
Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2020-1646

0.10%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1646

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
Juniper Networks, Inc.

CWE ids for CVE-2020-1646

  • The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.
    Assigned by: sirt@juniper.net (Secondary)

References for CVE-2020-1646

  • https://kb.juniper.net/JSA11033
    2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646) - Juniper Networks
    Vendor Advisory

Products affected by CVE-2020-1646

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!