CVE-2020-1674 Information

Description

Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification called the \bounded receive delay\ there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8 17.3R3-S9; 17.4 versions prior to 17.4R2-S11 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4 18.3R3-S3; 18.4 versions prior to 18.4R1-S7 18.4R2-S5 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5 19.2R3; 19.3 versions prior to 19.3R2-S3 19.3R3; 19.4 versions prior to 19.4R1-S2 19.4R2-S1 19.4R3; 20.1 versions prior to 20.1R1-S2 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference

https://ieeexplore.ieee.org/document/1678345 https://kb.juniper.net/JSA11071 https://www.juniper.net/documentation/en_US/junos/topics/concept/macsec.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4