CVE-2020-1662
Vulnerability from cvelistv5
Published
2020-10-16 20:31
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11059 | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks | Junos OS | |
| Juniper Networks | Junos OS Evolved |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "17.2R3-S3"
},
{
"lessThan": "17.2R3-S3",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.3R3-S8",
"status": "unaffected"
}
],
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R3-S3",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.4R2-S10, 17.4R3-S2",
"status": "unaffected"
}
],
"lessThan": "17.4*",
"status": "affected",
"version": "17.4R2-S4, 17.4R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.1R3-S10",
"status": "unaffected"
}
],
"lessThan": "18.1*",
"status": "affected",
"version": "18.1R3-S6",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.2R3-S4",
"status": "unaffected"
}
],
"lessThan": "18.2*",
"status": "affected",
"version": "18.2R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.2X75-D53, 18.2X75-D65",
"status": "unaffected"
}
],
"lessThan": "18.2X75*",
"status": "affected",
"version": "18.2X75-D50, 18.2X75-D60",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.3R2-S4, 18.3R3-S2",
"status": "unaffected"
}
],
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.4R2-S5, 18.4R3-S2",
"status": "unaffected"
}
],
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.1R2-S2, 19.1R3-S1",
"status": "unaffected"
}
],
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.2R1-S5, 19.2R2",
"status": "unaffected"
}
],
"lessThan": "19.2*",
"status": "affected",
"version": "19.2R1",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S3, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "19.4-EVO"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols bgp damping]\n\nused in combination with accepted-prefix-limit configuration:\n [protocols bgp ... accepted-prefix-limit]"
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:26",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11059"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 20.1R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11059",
"defect": [
"1490079"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping.",
"workarounds": [
{
"lang": "en",
"value": "There are multiple workarounds that can be applied to prevent this issue:\n\n1. Disable BGP router flap damping.\n\n2. Replace \"accepted-prefix-limit\" with \"prefix-limit\" in the BGP configuration, for example: \n [edit protocols bgp group ${GRP} neighbor ${NEI} family ${AFI} unicast] \n + prefix-limit {\n - accepted-prefix-limit {\n\n 3. Make sure that the BGP session idle-timeout is longer than damping max-suppress time. \nIn other words, by the time a peer is eligible to establish BGP session again, no previously advertised prefixes remain suppressed.\nThe BGP session idle time out is configured under:\n [protocols bgp damping ... teardown \u003cTEARDOWN_VALUE\u003e idle-timeout \u003cIDLE_TIMEOUT_VALUE\u003e]\nThe BGP damping max-suppress time configured under:\n [protocol bgp damping... max-suppress \u003cMAX_SUPPRES_VALUE\u003e]\nThe \u003cIDLE_TIMEOUT_VALUE\u003e needs to be higher than \u003cMAX_SUPPRES_VALUE\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1662",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"version_affected": "\u003e=",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "\u003e=",
"version_name": "17.4",
"version_value": "17.4R2-S4, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"version_affected": "\u003e=",
"version_name": "18.1",
"version_value": "18.1R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "\u003e=",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S4"
},
{
"version_affected": "\u003e=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50, 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D53, 18.2X75-D65"
},
{
"version_affected": "\u003e=",
"version_name": "18.3",
"version_value": "18.3R2"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "\u003e=",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S2"
},
{
"version_affected": "\u003e=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S1"
},
{
"version_affected": "\u003e=",
"version_name": "19.2",
"version_value": "19.2R1"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
},
{
"version_affected": "!\u003c",
"version_value": "17.2R3-S3"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols bgp damping]\n\nused in combination with accepted-prefix-limit configuration:\n [protocols bgp ... accepted-prefix-limit]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11059",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11059"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 20.1R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11059",
"defect": [
"1490079"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are multiple workarounds that can be applied to prevent this issue:\n\n1. Disable BGP router flap damping.\n\n2. Replace \"accepted-prefix-limit\" with \"prefix-limit\" in the BGP configuration, for example: \n [edit protocols bgp group ${GRP} neighbor ${NEI} family ${AFI} unicast] \n + prefix-limit {\n - accepted-prefix-limit {\n\n 3. Make sure that the BGP session idle-timeout is longer than damping max-suppress time. \nIn other words, by the time a peer is eligible to establish BGP session again, no previously advertised prefixes remain suppressed.\nThe BGP session idle time out is configured under:\n [protocols bgp damping ... teardown \u003cTEARDOWN_VALUE\u003e idle-timeout \u003cIDLE_TIMEOUT_VALUE\u003e]\nThe BGP damping max-suppress time configured under:\n [protocol bgp damping... max-suppress \u003cMAX_SUPPRES_VALUE\u003e]\nThe \u003cIDLE_TIMEOUT_VALUE\u003e needs to be higher than \u003cMAX_SUPPRES_VALUE\u003e"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1662",
"datePublished": "2020-10-16T20:31:26.882621Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T19:04:48.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-1662\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2020-10-16T21:15:12.443\",\"lastModified\":\"2020-10-28T17:52:45.217\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.\"},{\"lang\":\"es\",\"value\":\"En los dispositivos Juniper Networks Junos OS y Junos OS Evolved, la interrupci\u00f3n de la sesi\u00f3n BGP puede conllevar a un bloqueo y reinicio del routing process daemon (RPD), limitando la superficie de ataque a los peers BGP configurados.\u0026#xa0;Este problema solo afecta a los dispositivos con amortiguaci\u00f3n BGP en combinaci\u00f3n con la configuraci\u00f3n accepted-prefix-limit.\u0026#xa0;Cuando el problema ocurre, aparecer\u00e1n los siguientes mensajes en /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover. Este problema afecta a: Juniper Networks Junos OS: versi\u00f3n 17.2R3-S3; versiones 17.3 17.3R3-S3 y versiones posteriores, anteriores a 17.3R3-S8;\u0026#xa0;17.4 versi\u00f3n 17.4R2-S4, 17.4R3 y versiones posteriores, anteriores a 17.4R2-S10, 17.4R3-S2;\u0026#xa0;18.1 versi\u00f3n 18.1R3-S6 y versiones posteriores, anteriores a 18.1R3-S10;\u0026#xa0;18.2 versi\u00f3n 18.2R3 y versiones posteriores, anteriores a 18.2R3-S4;\u0026#xa0;18.2X75 versi\u00f3n 18.2X75-D50, 18.2X75-D60 y versiones posteriores, anteriores a 18.2X75-D53, 18.2X75-D65;\u0026#xa0;18.3 versi\u00f3n 18.3R2 y versiones posteriores, anteriores a 18.3R2-S4, 18.3R3-S2;\u0026#xa0;18.4 versi\u00f3n 18.4R2 y versiones posteriores, anteriores a 18.4R2-S5, 18.\u0026#xa0;4R3-S2;\u0026#xa0;19.1 versi\u00f3n 19.1R1 y versiones posteriores, anteriores a 19.1R2-S2, 19.1R3-S1;\u0026#xa0;19.2 versi\u00f3n 19.2R1 y versiones posteriores, anteriores a 19.2R1-S5, 19.2R2;\u0026#xa0;19.3 versiones anteriores a 19.3R2-S3, 19.3R3;\u0026#xa0;19.4 versiones anteriores a 19.4R1-S3, 19.4R2;\u0026#xa0;Versiones 20.1 anteriores a 20.1R1-S2, 20.1R2.\u0026#xa0;Juniper Networks Junos OS Evolved versiones anteriores a 20.1R2-EVO.\u0026#xa0;Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 17.2R3-S3\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7939BCE6-D4E8-4366-B954-32D77F21A35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"488BB10A-1360-42E5-A68D-23D51B332850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"64988F0A-E02C-455B-99C9-4059C896416F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9C703CA-9309-413A-9CD7-585277ADD32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E327643-D8D8-4EFA-9F38-BA862A919501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC6CE1C-9DD8-429E-BDC2-251D8C8674E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B00B4F-3E65-4CB2-807D-43908B570AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8732E25A-9073-4C7B-9E89-C02368728EB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09255363-BF79-4FC3-AADD-5FAD0902174F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7988CE92-71D2-4EEC-B596-4A60E2C1136A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"330D176F-8DAD-440C-A623-44FA233FAB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CC5EAB8-1364-4325-9F01-BE7CC479C29D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E2E933A-852F-4257-860D-09638EE0D2F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B670F988-78F2-4BC6-B7FC-E34C280F67DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F9451C7-6466-4AC9-9A7F-90A2817AED6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"871CA952-C5EC-4A25-8EF0-C2EC484F7DE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E2AD65-3DAC-4618-AB73-C43EDCDC7A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2x75:d50:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB1E336-C92A-4A65-A3D9-F2926E76A598\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2x75:d51:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F15B017-F0AB-4DB7-9718-85C97CBC19DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.2x75:d60:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A109959-DE76-44D3-9AE2-0106875B03A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EBD361C-8B4D-43EF-8B82-9FE165D8206E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E7539C4-6208-43EB-9A0B-4852D0CE0FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"35299B02-DC75-458D-B86D-8A0DB95B06AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB29C9B-9729-43EB-AF98-AF44038DA711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1FB957-54C8-428E-BC8D-2802D7F6895F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D59D7A31-128B-4034-862B-8EF3CE3EE949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5E097B-B79E-4E6A-9291-C8CB9674FED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"819FA3ED-F934-4B20-BC0E-D638ACCB7787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D7D773A-4988-4D7C-A105-1885EBE14426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BD93674-9375-493E-BD6C-8AD41CC75DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"736B7A9F-E237-45AF-A6D6-84412475F481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E63730-F697-4FE6-936B-FD9B4F22EAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5332B70A-F6B0-4C3B-90E2-5CBFB3326126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81439FE8-5405-45C2-BC04-9823D2009A77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E506138D-043E-485D-B485-94A2AB75F8E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF3C901-3599-463F-BEFB-8858768DC195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD806778-A995-4A9B-9C05-F4D7B1CB1F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCAB79C9-6639-4ED0-BEC9-E7C8229DF977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8CF858F-84BB-4AEA-B829-FCF22C326160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5405F361-AB96-4477-AA0D-49B874324B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CA3060F-1800-4A06-A453-FB8CE4B65312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5B337A-727C-4767-AD7B-E0F7F99EB46F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FDE60B-7A99-4683-BC14-530B5B005F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"725D8C27-E4F8-4394-B4EC-B49B6D3C2709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"59006503-B2CA-4F79-AC13-7C5615A74CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8110DA9-54B1-43CF-AACB-76EABE0C9EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B5CC5A-1959-4113-BFCF-E4BA63D918C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F08A33-EF80-4D86-9A9A-9DF147B9B6D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF24ACBD-5F84-47B2-BFF3-E9A56666269C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3935A586-41BD-4FA5-9596-DED6F0864777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC743EE4-8833-452A-94DB-655BF139F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE96A8EA-FFE3-4D8F-9266-21899149D634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12A75C6-2D00-4202-B861-00FF71585FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8328FDE6-9707-4142-B905-3B07C0E28E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"41CD982F-E6F2-4951-9F96-A76C142DF08E\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11059\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.