First published: Fri Jul 17 2020(Updated: )
On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | =17.2 | |
Juniper JUNOS | =17.2-r1 | |
Juniper JUNOS | =17.2-r1-s1 | |
Juniper JUNOS | =17.2-r1-s2 | |
Juniper JUNOS | =17.2-r1-s3 | |
Juniper JUNOS | =17.2-r1-s4 | |
Juniper JUNOS | =17.2-r1-s5 | |
Juniper JUNOS | =17.2-r1-s7 | |
Juniper JUNOS | =17.2-r1-s8 | |
Juniper JUNOS | =17.2-r2 | |
Juniper JUNOS | =17.2-r2-s11 | |
Juniper JUNOS | =17.2-r2-s6 | |
Juniper JUNOS | =17.2-r2-s7 | |
Juniper JUNOS | =17.2-r3-s1 | |
Juniper JUNOS | =17.2-r3-s2 | |
Juniper JUNOS | =17.2-r3-s3 | |
Juniper JUNOS | =17.2x75 | |
Juniper JUNOS | =17.2x75-d102 | |
Juniper JUNOS | =17.2x75-d50 | |
Juniper JUNOS | =17.2x75-d70 | |
Juniper JUNOS | =17.2x75-d92 | |
Juniper JUNOS | =17.3 | |
Juniper JUNOS | =17.3-r1-s1 | |
Juniper JUNOS | =17.3-r2 | |
Juniper JUNOS | =17.3-r2-s1 | |
Juniper JUNOS | =17.3-r2-s2 | |
Juniper JUNOS | =17.3-r2-s3 | |
Juniper JUNOS | =17.3-r2-s4 | |
Juniper JUNOS | =17.3-r3 | |
Juniper JUNOS | =17.3-r3-s1 | |
Juniper JUNOS | =17.3-r3-s2 | |
Juniper JUNOS | =17.3-r3-s3 | |
Juniper JUNOS | =17.3-r3-s4 | |
Juniper JUNOS | =17.4 | |
Juniper JUNOS | =17.4-r1 | |
Juniper JUNOS | =17.4-r1-s1 | |
Juniper JUNOS | =17.4-r1-s2 | |
Juniper JUNOS | =18.1 | |
Juniper JUNOS | =18.1-r1 | |
Juniper Mx10 | ||
Juniper Mx10000 | ||
Juniper Mx10003 | ||
Juniper Mx104 | ||
Juniper Mx150 | ||
Juniper Mx2008 | ||
Juniper Mx2010 | ||
Juniper Mx2020 | ||
Juniper Mx204 | ||
Juniper Mx240 | ||
Juniper Mx40 | ||
Juniper Mx480 | ||
Juniper Mx5 | ||
Juniper Mx80 | ||
Juniper Mx960 |
The following software releases have been updated to resolve this specific issue: 17.2R3-S4, 17.2X75-D105.19, 17.3R3-S7, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D10, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-1651 is medium with a severity value of 6.5.
Juniper Networks MX series versions 17.2 through 18.1 are affected by CVE-2020-1651.
CVE-2020-1651 is exploited by continuously sending a stream of specific Layer 2 frames, which may cause a memory leak and crash the packet forwarding engine (PFE).
To fix CVE-2020-1651, users should upgrade their Juniper Networks MX series devices to a non-vulnerable version, such as 18.2 or higher.
More information about CVE-2020-1651 can be found on the Juniper Networks Knowledge Base at the following link: https://kb.juniper.net/JSA11038