CVE-2020-1662 Information
Description
On Juniper Networks Junos OS and Junos OS Evolved devices BGP session flapping can lead to a routing process daemon (RPD) crash and restart limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions prior to 17.3R3-S8; 17.4 version 17.4R2-S4 17.4R3 and later versions prior to 17.4R2-S10 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50 18.2X75-D60 and later versions prior to 18.2X75-D53 18.2X75-D65; 18.3 version 18.3R2 and later versions prior to 18.3R2-S4 18.3R3-S2; 18.4 version 18.4R2 and later versions prior to 18.4R2-S5 18.4R3-S2; 19.1 version 19.1R1 and later versions prior to 19.1R2-S2 19.1R3-S1; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5 19.2R2; 19.3 versions prior to 19.3R2-S3 19.3R3; 19.4 versions prior to 19.4R1-S3 19.4R2; 20.1 versions prior to 20.1R1-S2 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://kb.juniper.net/JSA11059
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: