high
8.6
CWE
710
Advisory Published
Updated

CVE-2020-1613: Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement.

First published: Wed Apr 08 2020(Updated: )

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Junos OS Evolved=12.3
Junos OS Evolved=15.1
Junos OS Evolved=15.1-f
Junos OS Evolved=15.1-f1
Junos OS Evolved=15.1-f2
Junos OS Evolved=15.1-f2-s1
Junos OS Evolved=15.1-f2-s2
Junos OS Evolved=15.1-f2-s3
Junos OS Evolved=15.1-f2-s4
Junos OS Evolved=15.1-f3
Junos OS Evolved=15.1-f4
Junos OS Evolved=15.1-f5
Junos OS Evolved=15.1-f5-s7
Junos OS Evolved=15.1-f6
Junos OS Evolved=15.1-f6-s1
Junos OS Evolved=15.1-f6-s12
Junos OS Evolved=15.1-f6-s2
Junos OS Evolved=15.1-f6-s3
Junos OS Evolved=15.1-f6-s4
Junos OS Evolved=15.1-f6-s7
Junos OS Evolved=15.1-f7
Junos OS Evolved=15.1-r1
Junos OS Evolved=15.1-r2
Junos OS Evolved=15.1-r3
Junos OS Evolved=15.1-r4
Junos OS Evolved=15.1-r4-s7
Junos OS Evolved=15.1-r4-s8
Junos OS Evolved=15.1-r4-s9
Junos OS Evolved=15.1-r5
Junos OS Evolved=15.1-r5-s1
Junos OS Evolved=15.1-r5-s5
Junos OS Evolved=15.1-r5-s6
Junos OS Evolved=15.1-r6
Junos OS Evolved=15.1-r6-s1
Junos OS Evolved=15.1-r6-s2
Junos OS Evolved=15.1-r6-s6
Junos OS Evolved=15.1-r7
Junos OS Evolved=15.1-r7-s1
Junos OS Evolved=15.1-r7-s2
Junos OS Evolved=15.1-r7-s3
Junos OS Evolved=15.1-r7-s4
Junos OS Evolved=16.1
Junos OS Evolved=16.1-r1
Junos OS Evolved=16.1-r2
Junos OS Evolved=16.1-r3
Junos OS Evolved=16.1-r3-s10
Junos OS Evolved=16.1-r3-s11
Junos OS Evolved=16.1-r4
Junos OS Evolved=16.1-r4-s12
Junos OS Evolved=16.1-r4-s2
Junos OS Evolved=16.1-r4-s3
Junos OS Evolved=16.1-r4-s4
Junos OS Evolved=16.1-r4-s6
Junos OS Evolved=16.1-r5
Junos OS Evolved=16.1-r5-s4
Junos OS Evolved=16.1-r6-s1
Junos OS Evolved=16.1-r6-s6
Junos OS Evolved=16.1-r7
Junos OS Evolved=16.1-r7-s2
Junos OS Evolved=16.1-r7-s3
Junos OS Evolved=16.1-r7-s4
Junos OS Evolved=16.1-r7-s5
Junos OS Evolved=17.1
Junos OS Evolved=17.1-r1
Junos OS Evolved=17.1-r2
Junos OS Evolved=17.1-r2-s1
Junos OS Evolved=17.1-r2-s10
Junos OS Evolved=17.1-r2-s11
Junos OS Evolved=17.1-r2-s2
Junos OS Evolved=17.1-r2-s3
Junos OS Evolved=17.1-r2-s4
Junos OS Evolved=17.1-r2-s5
Junos OS Evolved=17.1-r2-s6
Junos OS Evolved=17.1-r2-s7
Junos OS Evolved=17.1-r2-s8
Junos OS Evolved=17.1-r2-s9
Junos OS Evolved=17.1-r3
Junos OS Evolved=17.2
Junos OS Evolved=17.2-r1
Junos OS Evolved=17.2-r1-s1
Junos OS Evolved=17.2-r1-s2
Junos OS Evolved=17.2-r1-s3
Junos OS Evolved=17.2-r1-s4
Junos OS Evolved=17.2-r1-s5
Junos OS Evolved=17.2-r1-s7
Junos OS Evolved=17.2-r1-s8
Junos OS Evolved=17.2-r2
Junos OS Evolved=17.2-r2-s10
Junos OS Evolved=17.2-r2-s11
Junos OS Evolved=17.2-r2-s6
Junos OS Evolved=17.2-r2-s7
Junos OS Evolved=17.2-r2-s9
Junos OS Evolved=17.2x75
Junos OS Evolved=17.2x75-d50
Junos OS Evolved=17.2x75-d70
Junos OS Evolved=17.2x75-d92
Junos OS Evolved=17.3
Junos OS Evolved=17.3-r1-s1
Junos OS Evolved=17.3-r2
Junos OS Evolved=17.3-r2-s1
Junos OS Evolved=17.3-r2-s2
Junos OS Evolved=17.3-r2-s3
Junos OS Evolved=17.3-r2-s4
Junos OS Evolved=17.3-r3
Junos OS Evolved=17.3-r3-s1
Junos OS Evolved=17.3-r3-s2
Junos OS Evolved=17.3-r3-s3
Junos OS Evolved=17.3-r3-s4
Junos OS Evolved=17.4
Junos OS Evolved=17.4-r1
Junos OS Evolved=17.4-r1-s1
Junos OS Evolved=17.4-r1-s2
Junos OS Evolved=17.4-r1-s4
Junos OS Evolved=17.4-r1-s5
Junos OS Evolved=17.4-r1-s6
Junos OS Evolved=17.4-r1-s7
Junos OS Evolved=18.1
Junos OS Evolved=18.1-r2
Junos OS Evolved=18.1-r2-s1
Junos OS Evolved=18.1-r2-s2
Junos OS Evolved=18.2x75
Junos OS Evolved=18.2x75-d10
Junos OS Evolved=12.3x48-d10
Junos OS Evolved=15.1x49
Junos OS Evolved=15.1x49-d10
Junos OS Evolved=15.1x49-d100
Junos OS Evolved=15.1x49-d110
Junos OS Evolved=15.1x49-d120
Junos OS Evolved=15.1x49-d130
Junos OS Evolved=15.1x49-d140
Junos OS Evolved=15.1x49-d15
Junos OS Evolved=15.1x49-d150
Junos OS Evolved=15.1x49-d160
Junos OS Evolved=15.1x49-d170
Junos OS Evolved=15.1x49-d20
Junos OS Evolved=15.1x49-d25
Junos OS Evolved=15.1x49-d30
Junos OS Evolved=15.1x49-d35
Junos OS Evolved=15.1x49-d40
Junos OS Evolved=15.1x49-d45
Junos OS Evolved=15.1x49-d50
Junos OS Evolved=15.1x49-d55
Junos OS Evolved=15.1x49-d60
Junos OS Evolved=15.1x49-d65
Junos OS Evolved=15.1x49-d70
Junos OS Evolved=15.1x49-d75
Junos OS Evolved=15.1x49-d80
Junos OS Evolved=15.1x49-d90
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX1500
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX300
Juniper SRX320
Juniper SRX340
Juniper SRX3400
Juniper SRX345
Juniper SRX3600
Juniper SRX4100
Juniper SRX4200
Juniper SRX4600
Juniper SRX5400
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Junos OS Evolved=14.1x53
Juniper EX2300-24T
Juniper EX2300-C
Juniper EX3400
Juniper EX4300-24T
Juniper EX4600
Juniper EX4650
Juniper EX9200
Juniper EX9250
Juniper QFX10002-60C
Juniper Networks QFX-Series
Juniper Networks QFX-Series
Juniper QFX3000-G
Juniper QFX3000-M
Juniper QFX3008-I
Juniper Networks QFX-Series
Juniper Networks QFX-Series
Juniper QFX3600-I
Juniper QFX3600
Juniper QFX5100
Juniper QFX5110
Juniper QFX5200-32C
Juniper QFX5210-64C
Junos OS Evolved=15.1x53
Junos OS Evolved=15.1x53-d10
Junos OS Evolved=15.1x53-d20
Junos OS Evolved=15.1x53-d21
Junos OS Evolved=15.1x53-d210
Junos OS Evolved=15.1x53-d230
Junos OS Evolved=15.1x53-d231
Junos OS Evolved=15.1x53-d232
Junos OS Evolved=15.1x53-d233
Junos OS Evolved=15.1x53-d234
Junos OS Evolved=15.1x53-d235
Junos OS Evolved=15.1x53-d236
Junos OS Evolved=15.1x53-d237
Junos OS Evolved=15.1x53-d25
Junos OS Evolved=15.1x53-d30
Junos OS Evolved=15.1x53-d31
Junos OS Evolved=15.1x53-d32
Junos OS Evolved=15.1x53-d33
Junos OS Evolved=15.1x53-d34
Junos OS Evolved=15.1x53-d40
Junos OS Evolved=15.1x53-d45
Junos OS Evolved=15.1x53-d47
Junos OS Evolved=15.1x53-d48
Junos OS Evolved=15.1x53-d50
Junos OS Evolved=15.1x53-d51
Junos OS Evolved=15.1x53-d52
Junos OS Evolved=15.1x53-d55
Junos OS Evolved=15.1x53-d56
Junos OS Evolved=15.1x53-d57
Junos OS Evolved=15.1x53-d58
Junos OS Evolved=15.1x53-d59
Junos OS Evolved=15.1x53-d60
Junos OS Evolved=15.1x53-d61
Junos OS Evolved=15.1x53-d62
Junos OS Evolved=15.1x53-d63
Junos OS Evolved=15.1x53-d64
Junos OS Evolved=15.1x53-d65
Junos OS Evolved=15.1x53-d66
Junos OS Evolved=15.1x53-d67
Junos OS Evolved=15.1x53-d68
Junos OS Evolved=15.1x53-d69
Junos OS Evolved=15.1x53-d70
Junos OS Evolved=15.1x53-d470
Junos OS Evolved=15.1x53-d495
Junos OS Evolved=15.1x53-d50
Junos OS Evolved=15.1x53-d51
Junos OS Evolved=15.1x53-d52
Junos OS Evolved=15.1x53-d55
Junos OS Evolved=15.1x53-d57
Junos OS Evolved=15.1x53-d58
Junos OS Evolved=15.1x53-d59
Juniper NFX
Juniper NFX
Junos OS Evolved=15.1x53-d590
Junos OS Evolved=15.1x53-d591

Remedy

The following software releases have been updated to resolve this specific issue: 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 16.1R7-S7, 17.1R3,17.2R2-S7, 17.2R3,17.2X75-D102, 17.2X75-D110, 17.3R3-S5, 17.4R1-S8, 17.4R2, 18.1R2-S4, 18.1R3, 18.2X75-D20, 18.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-1613?

    CVE-2020-1613 has been rated as a high severity vulnerability.

  • How do I fix CVE-2020-1613?

    To address CVE-2020-1613, apply the appropriate Junos OS updates available from Juniper Networks.

  • Which devices are affected by CVE-2020-1613?

    CVE-2020-1613 affects several versions of Juniper's Junos OS, including 12.3, 15.1, and 16.1.

  • What could happen if CVE-2020-1613 is exploited?

    If exploited, CVE-2020-1613 can cause a Juniper Networks device to terminate established BGP sessions, disrupting communication.

  • Is there a known workaround for CVE-2020-1613?

    Currently, there is no specific workaround for CVE-2020-1613 other than updating to a fixed version of Junos OS.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203