CVE-2020-1657: Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service.

First published: Fri Oct 16 2020(Updated: )

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper JUNOS	=12.3x48
Juniper JUNOS	=12.3x48-d10
Juniper JUNOS	=12.3x48-d15
Juniper JUNOS	=12.3x48-d20
Juniper JUNOS	=12.3x48-d25
Juniper JUNOS	=12.3x48-d30
Juniper JUNOS	=12.3x48-d35
Juniper JUNOS	=12.3x48-d40
Juniper JUNOS	=12.3x48-d45
Juniper JUNOS	=12.3x48-d50
Juniper JUNOS	=12.3x48-d51
Juniper JUNOS	=12.3x48-d55
Juniper JUNOS	=12.3x48-d60
Juniper JUNOS	=12.3x48-d65
Juniper JUNOS	=12.3x48-d70
Juniper JUNOS	=12.3x48-d75
Juniper JUNOS	=12.3x48-d80
Juniper JUNOS	=15.1x49
Juniper JUNOS	=15.1x49-d10
Juniper JUNOS	=15.1x49-d100
Juniper JUNOS	=15.1x49-d110
Juniper JUNOS	=15.1x49-d120
Juniper JUNOS	=15.1x49-d130
Juniper JUNOS	=15.1x49-d140
Juniper JUNOS	=15.1x49-d15
Juniper JUNOS	=15.1x49-d150
Juniper JUNOS	=15.1x49-d160
Juniper JUNOS	=15.1x49-d170
Juniper JUNOS	=15.1x49-d180
Juniper JUNOS	=17.4
Juniper JUNOS	=17.4-r1
Juniper JUNOS	=17.4-r1-s1
Juniper JUNOS	=17.4-r1-s2
Juniper JUNOS	=17.4-r1-s4
Juniper JUNOS	=17.4-r1-s5
Juniper JUNOS	=17.4-r1-s6
Juniper JUNOS	=17.4-r1-s7
Juniper JUNOS	=17.4-r2
Juniper JUNOS	=17.4-r2-s1
Juniper JUNOS	=17.4-r2-s10
Juniper JUNOS	=17.4-r2-s2
Juniper JUNOS	=17.4-r2-s3
Juniper JUNOS	=17.4-r2-s4
Juniper JUNOS	=17.4-r2-s5
Juniper JUNOS	=17.4-r2-s6
Juniper JUNOS	=17.4-r2-s7
Juniper JUNOS	=17.4-r2-s8
Juniper JUNOS	=18.1
Juniper JUNOS	=18.1-r1
Juniper JUNOS	=18.1-r2
Juniper JUNOS	=18.1-r2-s1
Juniper JUNOS	=18.1-r2-s2
Juniper JUNOS	=18.1-r2-s4
Juniper JUNOS	=18.1-r3
Juniper JUNOS	=18.1-r3-s1
Juniper JUNOS	=18.1-r3-s2
Juniper JUNOS	=18.1-r3-s3
Juniper JUNOS	=18.1-r3-s4
Juniper JUNOS	=18.1-r3-s6
Juniper JUNOS	=18.1-r3-s7
Juniper JUNOS	=18.1-r3-s8
Juniper JUNOS	=18.2
Juniper JUNOS	=18.2-r1
Juniper JUNOS	=18.2-r1
Juniper JUNOS	=18.2-r1-s3
Juniper JUNOS	=18.2-r1-s4
Juniper JUNOS	=18.2-r1-s5
Juniper JUNOS	=18.2-r2
Juniper JUNOS	=18.2-r2-s1
Juniper JUNOS	=18.2-r2-s2
Juniper JUNOS	=18.2-r2-s3
Juniper JUNOS	=18.2-r2-s4
Juniper JUNOS	=18.2-r2-s5
Juniper JUNOS	=18.2-r2-s6
Juniper JUNOS	=18.3
Juniper JUNOS	=18.3-r1
Juniper JUNOS	=18.3-r1-s1
Juniper JUNOS	=18.3-r1-s2
Juniper JUNOS	=18.3-r1-s3
Juniper JUNOS	=18.3-r1-s5
Juniper JUNOS	=18.3-r1-s6
Juniper JUNOS	=18.3-r2
Juniper JUNOS	=18.3-r2-s1
Juniper JUNOS	=18.3-r2-s2
Juniper JUNOS	=18.4
Juniper JUNOS	=18.4-r1
Juniper JUNOS	=18.4-r1-s1
Juniper JUNOS	=18.4-r1-s2
Juniper JUNOS	=18.4-r1-s5
Juniper JUNOS	=18.4-r2
Juniper JUNOS	=18.4-r2-s1
Juniper JUNOS	=18.4-r2-s2
Juniper JUNOS	=19.1
Juniper JUNOS	=19.1-r1
Juniper JUNOS	=19.1-r1-s1
Juniper JUNOS	=19.1-r1-s2
Juniper JUNOS	=19.1-r1-s3

Remedy

The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11050

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/last-modified-date
agent/title
agent/author
agent/weakness
agent/severity
agent/softwarecombine
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/juniper
canonical/juniper junos
version/juniper junos/12.3x48
version/juniper junos/12.3x48-d10
version/juniper junos/12.3x48-d15
version/juniper junos/12.3x48-d20
version/juniper junos/12.3x48-d25
version/juniper junos/12.3x48-d30
version/juniper junos/12.3x48-d35
version/juniper junos/12.3x48-d40
version/juniper junos/12.3x48-d45
version/juniper junos/12.3x48-d50
version/juniper junos/12.3x48-d51
version/juniper junos/12.3x48-d55
version/juniper junos/12.3x48-d60
version/juniper junos/12.3x48-d65
version/juniper junos/12.3x48-d70
version/juniper junos/12.3x48-d75
version/juniper junos/12.3x48-d80
version/juniper junos/15.1x49
version/juniper junos/15.1x49-d10
version/juniper junos/15.1x49-d100
version/juniper junos/15.1x49-d110
version/juniper junos/15.1x49-d120
version/juniper junos/15.1x49-d130
version/juniper junos/15.1x49-d140
version/juniper junos/15.1x49-d15
version/juniper junos/15.1x49-d150
version/juniper junos/15.1x49-d160
version/juniper junos/15.1x49-d170
version/juniper junos/15.1x49-d180
version/juniper junos/17.4
version/juniper junos/17.4-r1
version/juniper junos/17.4-r1-s1
version/juniper junos/17.4-r1-s2
version/juniper junos/17.4-r1-s4
version/juniper junos/17.4-r1-s5
version/juniper junos/17.4-r1-s6
version/juniper junos/17.4-r1-s7
version/juniper junos/17.4-r2
version/juniper junos/17.4-r2-s1
version/juniper junos/17.4-r2-s10
version/juniper junos/17.4-r2-s2
version/juniper junos/17.4-r2-s3
version/juniper junos/17.4-r2-s4
version/juniper junos/17.4-r2-s5
version/juniper junos/17.4-r2-s6
version/juniper junos/17.4-r2-s7
version/juniper junos/17.4-r2-s8
version/juniper junos/18.1
version/juniper junos/18.1-r1
version/juniper junos/18.1-r2
version/juniper junos/18.1-r2-s1
version/juniper junos/18.1-r2-s2
version/juniper junos/18.1-r2-s4
version/juniper junos/18.1-r3
version/juniper junos/18.1-r3-s1
version/juniper junos/18.1-r3-s2
version/juniper junos/18.1-r3-s3
version/juniper junos/18.1-r3-s4
version/juniper junos/18.1-r3-s6
version/juniper junos/18.1-r3-s7
version/juniper junos/18.1-r3-s8
version/juniper junos/18.2
version/juniper junos/18.2-r1
version/juniper junos/18.2-r1-s3
version/juniper junos/18.2-r1-s4
version/juniper junos/18.2-r1-s5
version/juniper junos/18.2-r2
version/juniper junos/18.2-r2-s1
version/juniper junos/18.2-r2-s2
version/juniper junos/18.2-r2-s3
version/juniper junos/18.2-r2-s4
version/juniper junos/18.2-r2-s5
version/juniper junos/18.2-r2-s6
version/juniper junos/18.3
version/juniper junos/18.3-r1
version/juniper junos/18.3-r1-s1
version/juniper junos/18.3-r1-s2
version/juniper junos/18.3-r1-s3
version/juniper junos/18.3-r1-s5
version/juniper junos/18.3-r1-s6
version/juniper junos/18.3-r2
version/juniper junos/18.3-r2-s1
version/juniper junos/18.3-r2-s2
version/juniper junos/18.4
version/juniper junos/18.4-r1
version/juniper junos/18.4-r1-s1
version/juniper junos/18.4-r1-s2
version/juniper junos/18.4-r1-s5
version/juniper junos/18.4-r2
version/juniper junos/18.4-r2-s1
version/juniper junos/18.4-r2-s2
version/juniper junos/19.1
version/juniper junos/19.1-r1
version/juniper junos/19.1-r1-s1
version/juniper junos/19.1-r1-s2
version/juniper junos/19.1-r1-s3

CVE-2020-1657: Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service.

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact