CVE-2020-1681 : Receipt of a specifically malformed NDP packet sent from the local area network

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.

Published 2020-10-16 21:15:14

Updated 2022-10-21 19:49:13

Source Juniper Networks, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-1681

Juniper » Junos Os Evolved » Version: 19.2 Update R1
cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 19.2 Update R2
cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 19.3 Update R2
cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.1 Update R1
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 19.4 Update R1
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 19.4 Update R2
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 19.4 Update R2-s1
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-1681

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1681

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	Juniper Networks, Inc.
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-1681

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Assigned by: nvd@nist.gov (Primary)
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Assigned by: sirt@juniper.net (Secondary)

References for CVE-2020-1681

https://kb.juniper.net/JSA11078

2020-10 Security Bulletin: Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service (CVE-2020-1681) - Juniper Networks
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-1681

Products affected by CVE-2020-1681

Exploit prediction scoring system (EPSS) score for CVE-2020-1681

CVSS scores for CVE-2020-1681

CWE ids for CVE-2020-1681

References for CVE-2020-1681