NVD Vulnerability Detail

CVE-2020-1648

Summary	On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
Publication Date	July 18, 2020, 4:15 a.m.
Registration Date	Jan. 26, 2021, 11:54 a.m.
Last Update	Nov. 21, 2024, 2:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:juniper:junos:18.2x75:::::::*
cpe:2.3:o:juniper:junos:18.2x75:-::::::
cpe:2.3:o:juniper:junos:18.2x75:d20::::::
cpe:2.3:o:juniper:junos:18.2x75:d40::::::
cpe:2.3:o:juniper:junos:18.2x75:d30::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2::::::

Related information, measures and tools

No	URL	refsource	タグ
1	https://kb.juniper.net/JSA11035		Vendor Advisory
2	https://kb.juniper.net/JSA11035		Vendor Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Juniper Networks Junos OS および Junos OS Evolved デバイスにおける入力確認に関する脆弱性

Title	Juniper Networks Junos OS および Junos OS Evolved デバイスにおける入力確認に関する脆弱性
Summary	Juniper Networks Junos OS および Junos OS Evolved デバイスには、入力確認に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 8, 2020, midnight
Registration Date	Sept. 8, 2020, 4:16 p.m.
Last Update	Sept. 8, 2020, 4:16 p.m.

Affected System

ジュニパーネットワークス

Junos OS

Junos OS Evolved

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-1648	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1648
National Vulnerability Database (NVD)
2	CVE-2020-1648	https://nvd.nist.gov/vuln/detail/CVE-2020-1648

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Security Bulletin
1	JSA11035	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11035&actp=METADATA

Change Log

No	Changed Details	Date of change
1	[2020年09月08日] 掲載	Sept. 8, 2020, 4:16 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:juniper:junos:18.2x75:::::::*
cpe:2.3:o:juniper:junos:18.2x75:-::::::
cpe:2.3:o:juniper:junos:18.2x75:d20::::::
cpe:2.3:o:juniper:junos:18.2x75:d40::::::
cpe:2.3:o:juniper:junos:18.2x75:d30::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2::::::