CVE-2020-1668: Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface
First published: Fri Oct 16 2020(Updated: )
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the "Idle" value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =18.1 | |
| Junos OS Evolved | =18.1-r1 | |
| Junos OS Evolved | =18.1-r2 | |
| Junos OS Evolved | =18.1-r2-s1 | |
| Junos OS Evolved | =18.1-r2-s2 | |
| Junos OS Evolved | =18.1-r2-s4 | |
| Junos OS Evolved | =18.1-r3 | |
| Junos OS Evolved | =18.1-r3-s1 | |
| Junos OS Evolved | =18.1-r3-s10 | |
| Junos OS Evolved | =18.1-r3-s2 | |
| Junos OS Evolved | =18.1-r3-s3 | |
| Junos OS Evolved | =18.1-r3-s4 | |
| Junos OS Evolved | =18.1-r3-s6 | |
| Junos OS Evolved | =18.1-r3-s7 | |
| Junos OS Evolved | =18.1-r3-s8 | |
| Junos OS Evolved | =18.1-r3-s9 | |
| Junos OS Evolved | =18.2 | |
| Junos OS Evolved | =18.2-r1 | |
| Junos OS Evolved | =18.2-r1 | |
| Junos OS Evolved | =18.2-r1-s3 | |
| Junos OS Evolved | =18.2-r1-s4 | |
| Junos OS Evolved | =18.2-r1-s5 | |
| Junos OS Evolved | =18.2-r2 | |
| Junos OS Evolved | =18.2-r2-s1 | |
| Junos OS Evolved | =18.2-r2-s2 | |
| Junos OS Evolved | =18.2-r2-s3 | |
| Junos OS Evolved | =18.2-r2-s4 | |
| Junos OS Evolved | =18.2-r2-s5 | |
| Junos OS Evolved | =18.2-r2-s6 | |
| Junos OS Evolved | =18.2-r3 | |
| Junos OS Evolved | =18.2-r3-s1 | |
| Junos OS Evolved | =18.2-r3-s2 | |
| Junos OS Evolved | =18.2-r3-s3 | |
| Junos OS Evolved | =18.2-r3-s4 | |
| Junos OS Evolved | =18.3 | |
| Junos OS Evolved | =18.3-r1 | |
| Junos OS Evolved | =18.3-r1-s1 | |
| Junos OS Evolved | =18.3-r1-s2 | |
| Junos OS Evolved | =18.3-r1-s3 | |
| Junos OS Evolved | =18.3-r1-s5 | |
| Junos OS Evolved | =18.3-r1-s6 | |
| Junos OS Evolved | =18.3-r2 | |
| Junos OS Evolved | =18.3-r2-s1 | |
| Junos OS Evolved | =18.3-r2-s2 | |
| Junos OS Evolved | =18.3-r2-s3 | |
| Junos OS Evolved | =18.3-r3 | |
| Junos OS Evolved | =18.3-r3-s1 | |
| Junos OS Evolved | =18.3-r3-s2 | |
| Junos OS Evolved | =18.4 | |
| Junos OS Evolved | =18.4-r1 | |
| Junos OS Evolved | =18.4-r1-s1 | |
| Junos OS Evolved | =18.4-r1-s2 | |
| Junos OS Evolved | =18.4-r1-s5 | |
| Junos OS Evolved | =18.4-r1-s6 | |
| Junos OS Evolved | =18.4-r2 | |
| Junos OS Evolved | =18.4-r2-s1 | |
| Junos OS Evolved | =18.4-r2-s2 | |
| Junos OS Evolved | =18.4-r2-s3 | |
| Junos OS Evolved | =18.4-r2-s4 | |
| Junos OS Evolved | =18.4-r3 | |
| Junos OS Evolved | =18.4-r3-s1 | |
| Junos OS Evolved | =18.4-r3-s2 | |
| Junos OS Evolved | =18.4-r3-s3 | |
| Junos OS Evolved | =19.1 | |
| Junos OS Evolved | =19.1-r1 | |
| Junos OS Evolved | =19.1-r1-s1 | |
| Junos OS Evolved | =19.1-r1-s2 | |
| Junos OS Evolved | =19.1-r1-s3 | |
| Junos OS Evolved | =19.1-r1-s4 | |
| Junos OS Evolved | =19.1-r2 | |
| Junos OS Evolved | =19.1-r2-s1 | |
| Junos OS Evolved | =19.1-r3 | |
| Junos OS Evolved | =19.1-r3-s1 | |
| Junos OS Evolved | =19.2 | |
| Junos OS Evolved | =19.2-r1 | |
| Junos OS Evolved | =19.2-r1-s1 | |
| Junos OS Evolved | =19.2-r1-s2 | |
| Junos OS Evolved | =19.2-r1-s3 | |
| Junos OS Evolved | =19.2-r1-s4 | |
| Junos OS Evolved | =19.3 | |
| Junos OS Evolved | =19.3-r1 | |
| Junos OS Evolved | =19.3-r1-s1 | |
| Junos OS Evolved | =19.3-r2 | |
| Junos OS Evolved | =19.3-r2-s1 | |
| Junos OS Evolved | =19.3-r2-s2 | |
| Junos OS Evolved | =19.3-r2-s3 | |
| Junos OS Evolved | =19.4-r1 | |
| Junos OS Evolved | =19.4-r1-s1 | |
| Junos OS Evolved | =19.4-r1-s2 | |
| Junos OS Evolved | =19.4-r2 | |
| Junos OS Evolved | =20.1-r1 | |
| Junos OS Evolved | =20.1-r1-s1 | |
| Juniper EX2300-24T |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1668?
CVE-2020-1668 is classified as a medium severity vulnerability.
How do I fix CVE-2020-1668?
To mitigate CVE-2020-1668, upgrade your Juniper Networks EX2300 Series devices to a patched version of the Junos operating system.
Which devices are affected by CVE-2020-1668?
CVE-2020-1668 affects specific versions of Juniper Networks EX2300 Series devices running the Junos operating system.
What type of attack does CVE-2020-1668 represent?
CVE-2020-1668 allows for potential denial-of-service due to high CPU load from malicious multicast packet streams.
Is there a workaround for CVE-2020-1668?
Currently, there are no documented workarounds for CVE-2020-1668 other than upgrading to a secure version.
- agent/type
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/18.1
- version/junos os evolved/18.1-r1
- version/junos os evolved/18.1-r2
- version/junos os evolved/18.1-r2-s1
- version/junos os evolved/18.1-r2-s2
- version/junos os evolved/18.1-r2-s4
- version/junos os evolved/18.1-r3
- version/junos os evolved/18.1-r3-s1
- version/junos os evolved/18.1-r3-s10
- version/junos os evolved/18.1-r3-s2
- version/junos os evolved/18.1-r3-s3
- version/junos os evolved/18.1-r3-s4
- version/junos os evolved/18.1-r3-s6
- version/junos os evolved/18.1-r3-s7
- version/junos os evolved/18.1-r3-s8
- version/junos os evolved/18.1-r3-s9
- version/junos os evolved/18.2
- version/junos os evolved/18.2-r1
- version/junos os evolved/18.2-r1-s3
- version/junos os evolved/18.2-r1-s4
- version/junos os evolved/18.2-r1-s5
- version/junos os evolved/18.2-r2
- version/junos os evolved/18.2-r2-s1
- version/junos os evolved/18.2-r2-s2
- version/junos os evolved/18.2-r2-s3
- version/junos os evolved/18.2-r2-s4
- version/junos os evolved/18.2-r2-s5
- version/junos os evolved/18.2-r2-s6
- version/junos os evolved/18.2-r3
- version/junos os evolved/18.2-r3-s1
- version/junos os evolved/18.2-r3-s2
- version/junos os evolved/18.2-r3-s3
- version/junos os evolved/18.2-r3-s4
- version/junos os evolved/18.3
- version/junos os evolved/18.3-r1
- version/junos os evolved/18.3-r1-s1
- version/junos os evolved/18.3-r1-s2
- version/junos os evolved/18.3-r1-s3
- version/junos os evolved/18.3-r1-s5
- version/junos os evolved/18.3-r1-s6
- version/junos os evolved/18.3-r2
- version/junos os evolved/18.3-r2-s1
- version/junos os evolved/18.3-r2-s2
- version/junos os evolved/18.3-r2-s3
- version/junos os evolved/18.3-r3
- version/junos os evolved/18.3-r3-s1
- version/junos os evolved/18.3-r3-s2
- version/junos os evolved/18.4
- version/junos os evolved/18.4-r1
- version/junos os evolved/18.4-r1-s1
- version/junos os evolved/18.4-r1-s2
- version/junos os evolved/18.4-r1-s5
- version/junos os evolved/18.4-r1-s6
- version/junos os evolved/18.4-r2
- version/junos os evolved/18.4-r2-s1
- version/junos os evolved/18.4-r2-s2
- version/junos os evolved/18.4-r2-s3
- version/junos os evolved/18.4-r2-s4
- version/junos os evolved/18.4-r3
- version/junos os evolved/18.4-r3-s1
- version/junos os evolved/18.4-r3-s2
- version/junos os evolved/18.4-r3-s3
- version/junos os evolved/19.1
- version/junos os evolved/19.1-r1
- version/junos os evolved/19.1-r1-s1
- version/junos os evolved/19.1-r1-s2
- version/junos os evolved/19.1-r1-s3
- version/junos os evolved/19.1-r1-s4
- version/junos os evolved/19.1-r2
- version/junos os evolved/19.1-r2-s1
- version/junos os evolved/19.1-r3
- version/junos os evolved/19.1-r3-s1
- version/junos os evolved/19.2
- version/junos os evolved/19.2-r1
- version/junos os evolved/19.2-r1-s1
- version/junos os evolved/19.2-r1-s2
- version/junos os evolved/19.2-r1-s3
- version/junos os evolved/19.2-r1-s4
- version/junos os evolved/19.3
- version/junos os evolved/19.3-r1
- version/junos os evolved/19.3-r1-s1
- version/junos os evolved/19.3-r2
- version/junos os evolved/19.3-r2-s1
- version/junos os evolved/19.3-r2-s2
- version/junos os evolved/19.3-r2-s3
- version/junos os evolved/19.4-r1
- version/junos os evolved/19.4-r1-s1
- version/junos os evolved/19.4-r1-s2
- version/junos os evolved/19.4-r2
- version/junos os evolved/20.1-r1
- version/junos os evolved/20.1-r1-s1
- canonical/juniper ex2300-24t