What is the severity of CVE-2020-1645?

CVE-2020-1645 has a critical severity rating due to the potential for denial of service.

How do I fix CVE-2020-1645?

To fix CVE-2020-1645, apply the appropriate security patch provided by Juniper Networks for affected Junos versions.

What versions of Junos are affected by CVE-2020-1645?

CVE-2020-1645 affects Junos versions 17.3 and 18.3 through 19.4, including specific revisions within those ranges.

What is the impact of CVE-2020-1645?

The impact of CVE-2020-1645 may result in the Multiservices PIC Management Daemon crashing, leading to potential service disruption.

Is there a workaround for CVE-2020-1645?

A temporary workaround for CVE-2020-1645 is to disable DNS filtering on affected Junos devices until a patch is applied.

Vulnerability/
CVE-2020-1645

high

8.3

CWE

362

8/7/2020

4/8/2024

CVE-2020-1645: Junos OS: MX Series: Services card might restart when DNS filtering is enabled

First published: Wed Jul 08 2020(Updated: )

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	=17.3
Juniper Junos	=17.3-r1-s1
Juniper Junos	=17.3-r2
Juniper Junos	=17.3-r2-s1
Juniper Junos	=17.3-r2-s2
Juniper Junos	=17.3-r2-s3
Juniper Junos	=17.3-r2-s4
Juniper Junos	=17.3-r3
Juniper Junos	=17.3-r3-s1
Juniper Junos	=17.3-r3-s2
Juniper Junos	=17.3-r3-s3
Juniper Junos	=17.3-r3-s4
Juniper Junos	=17.3-r3-s7
Juniper Junos	=18.3
Juniper Junos	=18.3-r1
Juniper Junos	=18.3-r1-s1
Juniper Junos	=18.3-r1-s2
Juniper Junos	=18.3-r1-s3
Juniper Junos	=18.3-r1-s5
Juniper Junos	=18.3-r1-s6
Juniper Junos	=18.3-r2
Juniper Junos	=18.3-r2-s1
Juniper Junos	=18.3-r2-s2
Juniper Junos	=18.3-r2-s3
Juniper Junos	=18.3-r3
Juniper Junos	=18.4
Juniper Junos	=18.4-r1
Juniper Junos	=18.4-r1-s1
Juniper Junos	=18.4-r1-s2
Juniper Junos	=18.4-r1-s5
Juniper Junos	=18.4-r1-s6
Juniper Junos	=18.4-r2
Juniper Junos	=18.4-r2-s1
Juniper Junos	=18.4-r2-s2
Juniper Junos	=18.4-r2-s3
Juniper Junos	=18.4-r2-s4
Juniper Junos	=19.1
Juniper Junos	=19.1-r1
Juniper Junos	=19.1-r1-s1
Juniper Junos	=19.1-r1-s2
Juniper Junos	=19.1-r1-s3
Juniper Junos	=19.1-r1-s4
Juniper Junos	=19.1-r2
Juniper Junos	=19.1-r2-s1
Juniper Junos	=19.2
Juniper Junos	=19.2-r1
Juniper Junos	=19.2-r1-s1
Juniper Junos	=19.2-r1-s2
Juniper Junos	=19.2-r1-s3
Juniper Junos	=19.2-r1-s4
Juniper Junos	=19.3
Juniper Junos	=19.3-r1
Juniper Junos	=19.3-r1-s1
Juniper Junos	=19.3-r2
Juniper Junos	=19.3-r2-s1
Juniper Junos	=19.3-r2-s2
Juniper Junos	=19.4-r1
Juniper Junos	=19.4-r1-s1
Juniper Junos	=19.4-r1-s2

Remedy

The following software releases have been updated to resolve this specific issue: 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11028

Frequently Asked Questions

What is the severity of CVE-2020-1645?
CVE-2020-1645 has a critical severity rating due to the potential for denial of service.
How do I fix CVE-2020-1645?
To fix CVE-2020-1645, apply the appropriate security patch provided by Juniper Networks for affected Junos versions.
What versions of Junos are affected by CVE-2020-1645?
CVE-2020-1645 affects Junos versions 17.3 and 18.3 through 19.4, including specific revisions within those ranges.
What is the impact of CVE-2020-1645?
The impact of CVE-2020-1645 may result in the Multiservices PIC Management Daemon crashing, leading to potential service disruption.
Is there a workaround for CVE-2020-1645?
A temporary workaround for CVE-2020-1645 is to disable DNS filtering on affected Junos devices until a patch is applied.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/last-modified-date
agent/title
agent/author
agent/weakness
agent/severity
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/juniper
canonical/juniper junos
version/juniper junos/17.3
version/juniper junos/17.3-r1-s1
version/juniper junos/17.3-r2
version/juniper junos/17.3-r2-s1
version/juniper junos/17.3-r2-s2
version/juniper junos/17.3-r2-s3
version/juniper junos/17.3-r2-s4
version/juniper junos/17.3-r3
version/juniper junos/17.3-r3-s1
version/juniper junos/17.3-r3-s2
version/juniper junos/17.3-r3-s3
version/juniper junos/17.3-r3-s4
version/juniper junos/17.3-r3-s7
version/juniper junos/18.3
version/juniper junos/18.3-r1
version/juniper junos/18.3-r1-s1
version/juniper junos/18.3-r1-s2
version/juniper junos/18.3-r1-s3
version/juniper junos/18.3-r1-s5
version/juniper junos/18.3-r1-s6
version/juniper junos/18.3-r2
version/juniper junos/18.3-r2-s1
version/juniper junos/18.3-r2-s2
version/juniper junos/18.3-r2-s3
version/juniper junos/18.3-r3
version/juniper junos/18.4
version/juniper junos/18.4-r1
version/juniper junos/18.4-r1-s1
version/juniper junos/18.4-r1-s2
version/juniper junos/18.4-r1-s5
version/juniper junos/18.4-r1-s6
version/juniper junos/18.4-r2
version/juniper junos/18.4-r2-s1
version/juniper junos/18.4-r2-s2
version/juniper junos/18.4-r2-s3
version/juniper junos/18.4-r2-s4
version/juniper junos/19.1
version/juniper junos/19.1-r1
version/juniper junos/19.1-r1-s1
version/juniper junos/19.1-r1-s2
version/juniper junos/19.1-r1-s3
version/juniper junos/19.1-r1-s4
version/juniper junos/19.1-r2
version/juniper junos/19.1-r2-s1
version/juniper junos/19.2
version/juniper junos/19.2-r1
version/juniper junos/19.2-r1-s1
version/juniper junos/19.2-r1-s2
version/juniper junos/19.2-r1-s3
version/juniper junos/19.2-r1-s4
version/juniper junos/19.3
version/juniper junos/19.3-r1
version/juniper junos/19.3-r1-s1
version/juniper junos/19.3-r2
version/juniper junos/19.3-r2-s1
version/juniper junos/19.3-r2-s2
version/juniper junos/19.4-r1
version/juniper junos/19.4-r1-s1
version/juniper junos/19.4-r1-s2