CVE-2020-1639: Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.
First published: Wed Apr 08 2020(Updated: )
When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos | =12.3 | |
| Juniper Junos | =12.3-r1 | |
| Juniper Junos | =12.3-r10 | |
| Juniper Junos | =12.3-r10-s1 | |
| Juniper Junos | =12.3-r10-s2 | |
| Juniper Junos | =12.3-r11 | |
| Juniper Junos | =12.3-r12 | |
| Juniper Junos | =12.3-r12-s1 | |
| Juniper Junos | =12.3-r12-s11 | |
| Juniper Junos | =12.3-r12-s12 | |
| Juniper Junos | =12.3-r12-s13 | |
| Juniper Junos | =12.3-r12-s14 | |
| Juniper Junos | =12.3-r12-s3 | |
| Juniper Junos | =12.3-r12-s4 | |
| Juniper Junos | =12.3-r12-s6 | |
| Juniper Junos | =12.3-r12-s8 | |
| Juniper Junos | =12.3x48 | |
| Juniper Junos | =12.3x48-d10 | |
| Juniper Junos | =12.3x48-d15 | |
| Juniper Junos | =12.3x48-d20 | |
| Juniper Junos | =12.3x48-d25 | |
| Juniper Junos | =12.3x48-d30 | |
| Juniper Junos | =12.3x48-d35 | |
| Juniper Junos | =12.3x48-d40 | |
| Juniper Junos | =12.3x48-d45 | |
| Juniper Junos | =12.3x48-d50 | |
| Juniper Junos | =12.3x48-d51 | |
| Juniper Junos | =12.3x48-d55 | |
| Juniper Junos | =12.3x48-d60 | |
| Juniper Junos | =12.3x48-d65 | |
| Juniper Junos | =12.3x48-d70 | |
| Juniper Junos | =12.3x48-d75 | |
| Juniper Junos | =12.3x48-d80 | |
| Juniper Junos | =14.1x50 | |
| Juniper Junos | =14.1x50-d60 | |
| Juniper Junos | =14.1x53 | |
| Juniper Junos | =14.1x53-d10 | |
| Juniper Junos | =14.1x53-d15 | |
| Juniper Junos | =14.1x53-d16 | |
| Juniper Junos | =14.1x53-d25 | |
| Juniper Junos | =14.1x53-d26 | |
| Juniper Junos | =14.1x53-d27 | |
| Juniper Junos | =14.1x53-d30 | |
| Juniper Junos | =14.1x53-d35 | |
| Juniper Junos | =14.1x53-d40 | |
| Juniper Junos | =14.1x53-d42 | |
| Juniper Junos | =14.1x53-d43 | |
| Juniper Junos | =14.1x53-d44 | |
| Juniper Junos | =14.1x53-d45 | |
| Juniper Junos | =15.1 | |
| Juniper Junos | =15.1-a1 | |
| Juniper Junos | =15.1-f | |
| Juniper Junos | =15.1-f1 | |
| Juniper Junos | =15.1-f2 | |
| Juniper Junos | =15.1-f2-s1 | |
| Juniper Junos | =15.1-f2-s2 | |
| Juniper Junos | =15.1-f2-s3 | |
| Juniper Junos | =15.1-f2-s4 | |
| Juniper Junos | =15.1-f3 | |
| Juniper Junos | =15.1-f4 | |
| Juniper Junos | =15.1-f5 | |
| Juniper Junos | =15.1-f5-s7 | |
| Juniper Junos | =15.1-f6 | |
| Juniper Junos | =15.1-f6-s1 | |
| Juniper Junos | =15.1-f6-s12 | |
| Juniper Junos | =15.1-f6-s2 | |
| Juniper Junos | =15.1-f6-s3 | |
| Juniper Junos | =15.1-f6-s4 | |
| Juniper Junos | =15.1-f6-s7 | |
| Juniper Junos | =15.1-f7 | |
| Juniper Junos | =15.1-r1 | |
| Juniper Junos | =15.1x49 | |
| Juniper Junos | =15.1x49-d10 | |
| Juniper Junos | =15.1x49-d100 | |
| Juniper Junos | =15.1x49-d110 | |
| Juniper Junos | =15.1x49-d120 | |
| Juniper Junos | =15.1x49-d130 | |
| Juniper Junos | =15.1x49-d140 | |
| Juniper Junos | =15.1x49-d15 | |
| Juniper Junos | =15.1x49-d150 | |
| Juniper Junos | =15.1x49-d160 | |
| Juniper Junos | =15.1x49-d20 | |
| Juniper Junos | =15.1x49-d25 | |
| Juniper Junos | =15.1x49-d30 | |
| Juniper Junos | =15.1x49-d35 | |
| Juniper Junos | =15.1x49-d40 | |
| Juniper Junos | =15.1x49-d45 | |
| Juniper Junos | =15.1x49-d50 | |
| Juniper Junos | =15.1x49-d55 | |
| Juniper Junos | =15.1x49-d60 | |
| Juniper Junos | =15.1x49-d65 | |
| Juniper Junos | =15.1x49-d70 | |
| Juniper Junos | =15.1x49-d75 | |
| Juniper Junos | =15.1x49-d80 | |
| Juniper Junos | =15.1x49-d90 | |
| Juniper Junos | =15.1x53 | |
| Juniper Junos | =15.1x53-d10 | |
| Juniper Junos | =15.1x53-d20 | |
| Juniper Junos | =15.1x53-d21 | |
| Juniper Junos | =15.1x53-d25 | |
| Juniper Junos | =15.1x53-d30 | |
| Juniper Junos | =15.1x53-d31 | |
| Juniper Junos | =15.1x53-d32 | |
| Juniper Junos | =15.1x53-d33 | |
| Juniper Junos | =15.1x53-d34 | |
| Juniper Junos | =15.1x53-d40 | |
| Juniper Junos | =15.1x53-d45 | |
| Juniper Junos | =15.1x53-d47 | |
| Juniper Junos | =15.1x53-d48 | |
| Juniper Junos | =15.1x53-d50 | |
| Juniper Junos | =15.1x53-d51 | |
| Juniper Junos | =15.1x53-d52 | |
| Juniper Junos | =15.1x53-d55 | |
| Juniper Junos | =15.1x53-d56 | |
| Juniper Junos | =15.1x53-d57 | |
| Juniper Junos | =15.1x53-d58 | |
| Juniper Junos | =15.1x53-d59 | |
| Juniper Junos | =15.1x53-d60 | |
| Juniper Junos | =15.1x53-d61 | |
| Juniper Junos | =15.1x53-d62 | |
| Juniper Junos | =15.1x53-d63 | |
| Juniper Junos | =15.1x53-d64 | |
| Juniper Junos | =15.1x53-d65 | |
| Juniper Junos | =15.1x53-d66 |
Remedy
The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D95, 14.1X50-D145, 14.1X53-D47, 15.1R2, 15.1X49-D170, 16.1R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1639?
The severity of CVE-2020-1639 is classified as high due to the potential for an attacker to exploit the vulnerability to cause an overflow condition.
How do I fix CVE-2020-1639?
To fix CVE-2020-1639, update the affected Juniper JUNOS versions to the latest patched versions provided by Juniper Networks.
Which versions of Juniper JUNOS are affected by CVE-2020-1639?
CVE-2020-1639 affects specific versions of Juniper JUNOS including 12.3, 14.1, and 15.1 along with various sub-releases.
What is the impact of CVE-2020-1639?
The impact of CVE-2020-1639 includes potential remote code execution or denial of service due to unhandled malformed Ethernet OAM packets.
Is there a workaround for CVE-2020-1639 until a patch is applied?
Currently, no official workaround is suggested for CVE-2020-1639, thus applying the recommended patch is essential for security.
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.3
- version/juniper junos/12.3-r1
- version/juniper junos/12.3-r10
- version/juniper junos/12.3-r10-s1
- version/juniper junos/12.3-r10-s2
- version/juniper junos/12.3-r11
- version/juniper junos/12.3-r12
- version/juniper junos/12.3-r12-s1
- version/juniper junos/12.3-r12-s11
- version/juniper junos/12.3-r12-s12
- version/juniper junos/12.3-r12-s13
- version/juniper junos/12.3-r12-s14
- version/juniper junos/12.3-r12-s3
- version/juniper junos/12.3-r12-s4
- version/juniper junos/12.3-r12-s6
- version/juniper junos/12.3-r12-s8
- version/juniper junos/12.3x48
- version/juniper junos/12.3x48-d10
- version/juniper junos/12.3x48-d15
- version/juniper junos/12.3x48-d20
- version/juniper junos/12.3x48-d25
- version/juniper junos/12.3x48-d30
- version/juniper junos/12.3x48-d35
- version/juniper junos/12.3x48-d40
- version/juniper junos/12.3x48-d45
- version/juniper junos/12.3x48-d50
- version/juniper junos/12.3x48-d51
- version/juniper junos/12.3x48-d55
- version/juniper junos/12.3x48-d60
- version/juniper junos/12.3x48-d65
- version/juniper junos/12.3x48-d70
- version/juniper junos/12.3x48-d75
- version/juniper junos/12.3x48-d80
- version/juniper junos/14.1x50
- version/juniper junos/14.1x50-d60
- version/juniper junos/14.1x53
- version/juniper junos/14.1x53-d10
- version/juniper junos/14.1x53-d15
- version/juniper junos/14.1x53-d16
- version/juniper junos/14.1x53-d25
- version/juniper junos/14.1x53-d26
- version/juniper junos/14.1x53-d27
- version/juniper junos/14.1x53-d30
- version/juniper junos/14.1x53-d35
- version/juniper junos/14.1x53-d40
- version/juniper junos/14.1x53-d42
- version/juniper junos/14.1x53-d43
- version/juniper junos/14.1x53-d44
- version/juniper junos/14.1x53-d45
- version/juniper junos/15.1
- version/juniper junos/15.1-a1
- version/juniper junos/15.1-f
- version/juniper junos/15.1-f1
- version/juniper junos/15.1-f2
- version/juniper junos/15.1-f2-s1
- version/juniper junos/15.1-f2-s2
- version/juniper junos/15.1-f2-s3
- version/juniper junos/15.1-f2-s4
- version/juniper junos/15.1-f3
- version/juniper junos/15.1-f4
- version/juniper junos/15.1-f5
- version/juniper junos/15.1-f5-s7
- version/juniper junos/15.1-f6
- version/juniper junos/15.1-f6-s1
- version/juniper junos/15.1-f6-s12
- version/juniper junos/15.1-f6-s2
- version/juniper junos/15.1-f6-s3
- version/juniper junos/15.1-f6-s4
- version/juniper junos/15.1-f6-s7
- version/juniper junos/15.1-f7
- version/juniper junos/15.1-r1
- version/juniper junos/15.1x49
- version/juniper junos/15.1x49-d10
- version/juniper junos/15.1x49-d100
- version/juniper junos/15.1x49-d110
- version/juniper junos/15.1x49-d120
- version/juniper junos/15.1x49-d130
- version/juniper junos/15.1x49-d140
- version/juniper junos/15.1x49-d15
- version/juniper junos/15.1x49-d150
- version/juniper junos/15.1x49-d160
- version/juniper junos/15.1x49-d20
- version/juniper junos/15.1x49-d25
- version/juniper junos/15.1x49-d30
- version/juniper junos/15.1x49-d35
- version/juniper junos/15.1x49-d40
- version/juniper junos/15.1x49-d45
- version/juniper junos/15.1x49-d50
- version/juniper junos/15.1x49-d55
- version/juniper junos/15.1x49-d60
- version/juniper junos/15.1x49-d65
- version/juniper junos/15.1x49-d70
- version/juniper junos/15.1x49-d75
- version/juniper junos/15.1x49-d80
- version/juniper junos/15.1x49-d90
- version/juniper junos/15.1x53
- version/juniper junos/15.1x53-d10
- version/juniper junos/15.1x53-d20
- version/juniper junos/15.1x53-d21
- version/juniper junos/15.1x53-d25
- version/juniper junos/15.1x53-d30
- version/juniper junos/15.1x53-d31
- version/juniper junos/15.1x53-d32
- version/juniper junos/15.1x53-d33
- version/juniper junos/15.1x53-d34
- version/juniper junos/15.1x53-d40
- version/juniper junos/15.1x53-d45
- version/juniper junos/15.1x53-d47
- version/juniper junos/15.1x53-d48
- version/juniper junos/15.1x53-d50
- version/juniper junos/15.1x53-d51
- version/juniper junos/15.1x53-d52
- version/juniper junos/15.1x53-d55
- version/juniper junos/15.1x53-d56
- version/juniper junos/15.1x53-d57
- version/juniper junos/15.1x53-d58
- version/juniper junos/15.1x53-d59
- version/juniper junos/15.1x53-d60
- version/juniper junos/15.1x53-d61
- version/juniper junos/15.1x53-d62
- version/juniper junos/15.1x53-d63
- version/juniper junos/15.1x53-d64
- version/juniper junos/15.1x53-d65
- version/juniper junos/15.1x53-d66