Vulnerability-Lookup

BDU:2020-04494

Vulnerability from fstec - Published: 08.04.2020

Title

Уязвимость реализации BGP Flowspec операционной системы JunOS, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость реализации BGP Flowspec операционной системы JunOS существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

до 17.1R3 (JunOS), до 18.1R2-S4 (JunOS), до 17.4R2 (JunOS), до 17.2R2-S7 (JunOS), до 15.1F6-S13 (JunOS), до 15.1R7-S5 (JunOS), до 17.3R3-S5 (JunOS), до 17.2R3 (JunOS), до 17.3R2-S5 (JunOS), до 17.1R2-S12 (JunOS), до 15.1X53-D238 (JunOS), до 17.2X75-D110 (JunOS), до 18.1R3 (JunOS), до 12.3X48 (JunOS), до 14.1X53 (JunOS), до 15.1X49-D180 (JunOS), до 15.1X53-D497 (JunOS), до 15.1X53-D592 (JunOS), до 16.1R7-S7 (JunOS), до 17.2X75-D102 (JunOS), до 17.2X75-D44 (JunOS), до 17.4R1-S8 (JunOS), до 18.2X75-D20 (JunOS)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/JSA10996

Reference

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10996&cat=SIRT_1&actp=LIST https://kb.juniper.net/JSA10996

CWE

CWE-20, CWE-710

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.1R3 (JunOS), \u0434\u043e 18.1R2-S4 (JunOS), \u0434\u043e 17.4R2 (JunOS), \u0434\u043e 17.2R2-S7 (JunOS), \u0434\u043e 15.1F6-S13 (JunOS), \u0434\u043e 15.1R7-S5 (JunOS), \u0434\u043e 17.3R3-S5 (JunOS), \u0434\u043e 17.2R3 (JunOS), \u0434\u043e 17.3R2-S5 (JunOS), \u0434\u043e 17.1R2-S12 (JunOS), \u0434\u043e 15.1X53-D238 (JunOS), \u0434\u043e 17.2X75-D110 (JunOS), \u0434\u043e 18.1R3 (JunOS), \u0434\u043e 12.3X48 (JunOS), \u0434\u043e 14.1X53 (JunOS), \u0434\u043e 15.1X49-D180 (JunOS), \u0434\u043e 15.1X53-D497 (JunOS), \u0434\u043e 15.1X53-D592 (JunOS), \u0434\u043e 16.1R7-S7 (JunOS), \u0434\u043e 17.2X75-D102 (JunOS), \u0434\u043e 17.2X75-D44 (JunOS), \u0434\u043e 17.4R1-S8 (JunOS), \u0434\u043e 18.2X75-D20 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.juniper.net/JSA10996",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04494",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-1613",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u0434\u043e 17.1R3 , Juniper Networks Inc. JunOS \u0434\u043e 18.1R2-S4 , Juniper Networks Inc. JunOS \u0434\u043e 17.4R2 , Juniper Networks Inc. JunOS \u0434\u043e 17.2R2-S7 , Juniper Networks Inc. JunOS \u0434\u043e 15.1F6-S13 , Juniper Networks Inc. JunOS \u0434\u043e 15.1R7-S5 , Juniper Networks Inc. JunOS \u0434\u043e 17.3R3-S5 , Juniper Networks Inc. JunOS \u0434\u043e 17.2R3 , Juniper Networks Inc. JunOS \u0434\u043e 17.3R2-S5 , Juniper Networks Inc. JunOS \u0434\u043e 17.1R2-S12 , Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D238 QFX5200 Series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D238 QFX5110 Series, Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D110 , Juniper Networks Inc. JunOS \u0434\u043e 18.1R3 , Juniper Networks Inc. JunOS \u0434\u043e 12.3X48 SRX Series, Juniper Networks Inc. JunOS \u0434\u043e 14.1X53 EX series, Juniper Networks Inc. JunOS \u0434\u043e 14.1X53 QFX series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X49-D180 SRX Series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D497 NFX Series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D592 EX2300 Series, Juniper Networks Inc. JunOS \u0434\u043e 15.1X53-D592 EX3400 Series, Juniper Networks Inc. JunOS \u0434\u043e 16.1R7-S7 , Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D102 , Juniper Networks Inc. JunOS \u0434\u043e 17.2X75-D44 , Juniper Networks Inc. JunOS \u0434\u043e 17.4R1-S8 , Juniper Networks Inc. JunOS \u0434\u043e 18.2X75-D20 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 BGP Flowspec \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043e\u0432 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CWE-710)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 BGP Flowspec \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST\nhttps://kb.juniper.net/JSA10996",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-710",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2020-1613 (GCVE-0-2020-1613)

Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-16 17:43

Title

Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement.

Summary

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-710 - Improper Adherence to Coding Standards

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA10996

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 12.3
Affected: 15.1 , < 15.1R7-S5 (custom)
Affected: 15.1F , < 15.1F6-S13 (custom)
Affected: 16.1 , < 16.1R7-S7 (custom)
Affected: 17.1 , < 17.1R2-S12, 17.1R3 (custom)
Affected: 17.2 , < 17.2R2-S7, 17.2R3 (custom)
Affected: 17.2X75 , < 17.2X75-D102, 17.2X75-D110, 17.2X75-D44 (custom)
Affected: 17.3 , < 17.3R2-S5, 17.3R3-S5 (custom)
Affected: 17.4 , < 17.4R1-S8, 17.4R2 (custom)
Affected: 18.1 , < 18.1R2-S4, 18.1R3 (custom)
Affected: 18.2X75 , < 18.2X75-D20 (custom)

Juniper Networks	Junos OS	Affected: 12.3X48 Affected: 15.1X49 , < 15.1X49-D180 (custom)
Juniper Networks	Junos OS	Affected: 14.1X53
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D238 (custom)
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D497 (custom)
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D592 (custom)

Date Public ?

2020-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:39:10.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10996"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "12.3"
            },
            {
              "lessThan": "15.1R7-S5",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1F6-S13",
              "status": "affected",
              "version": "15.1F",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S7",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S12, 17.1R3",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R2-S7, 17.2R3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2X75-D102, 17.2X75-D110, 17.2X75-D44",
              "status": "affected",
              "version": "17.2X75",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R2-S5, 17.3R3-S5",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R1-S8, 17.4R2",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R2-S4, 18.1R3",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2X75-D20",
              "status": "affected",
              "version": "18.2X75",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "12.3X48"
            },
            {
              "lessThan": "15.1X49-D180",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "EX and QFX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "14.1X53"
            }
          ]
        },
        {
          "platforms": [
            "QFX5200/QFX5110"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D238",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "NFX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D497",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "EX2300/EX3400"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D592",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue affects Junos OS devices with the BGP FlowSpec configured:\n  [procotol bgp ... family inet flow]"
        }
      ],
      "datePublic": "2020-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-710",
              "description": "CWE-710 Improper Adherence to Coding Standards",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T19:25:52.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10996"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 16.1R7-S7, 17.1R3,17.2R2-S7, 17.2R3,17.2X75-D102, 17.2X75-D110, 17.3R3-S5, 17.4R1-S8, 17.4R2, 18.1R2-S4, 18.1R3, 18.2X75-D20, 18.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10996",
        "defect": [
          "1323474"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
          "ID": "CVE-2020-1613",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "12.3",
                            "version_value": "12.3"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "=",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48"
                          },
                          {
                            "platform": "EX and QFX Series",
                            "version_affected": "=",
                            "version_name": "14.1X53",
                            "version_value": "14.1X53"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1F",
                            "version_value": "15.1F6-S13"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D180"
                          },
                          {
                            "platform": "QFX5200/QFX5110",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D238"
                          },
                          {
                            "platform": "NFX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D497"
                          },
                          {
                            "platform": "EX2300/EX3400",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D592"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S12, 17.1R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R2-S7, 17.2R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2X75",
                            "version_value": "17.2X75-D102, 17.2X75-D110, 17.2X75-D44"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R2-S5, 17.3R3-S5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R1-S8, 17.4R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R2-S4, 18.1R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue affects Junos OS devices with the BGP FlowSpec configured:\n  [procotol bgp ... family inet flow]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-710 Improper Adherence to Coding Standards"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10996",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10996"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 16.1R7-S7, 17.1R3,17.2R2-S7, 17.2R3,17.2X75-D102, 17.2X75-D110, 17.3R3-S5, 17.4R1-S8, 17.4R2, 18.1R2-S4, 18.1R3, 18.2X75-D20, 18.2R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10996",
          "defect": [
            "1323474"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1613",
    "datePublished": "2020-04-08T19:25:52.499Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:43:36.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-04494

CVE-2020-1613 (GCVE-0-2020-1613)

Tags

Sightings

Nomenclature