PT-2020-14876 · Juniper Networks · Junos

Published: 2020-10-16 · Updated: 2020-10-26 · CVE-2020-1661

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 12.3R12-S16
Junos OS versions prior to 12.3X48-D105 on SRX Series
Junos OS versions prior to 14.1X53-D60 on EX and QFX Series
Junos OS versions prior to 15.1R7-S7
Junos OS versions prior to 15.1X49-D221
Junos OS versions prior to 15.1X49-D230 on SRX Series
Junos OS versions prior to 15.1X53-D593 on EX2300/EX3400
Junos OS versions prior to 16.1R7-S5

Description

The issue affects Juniper Networks Junos OS devices configured as a DHCP forwarder. When such a device receives a malformed DHCP packet, the jdhcpd process might crash, leading to an extended Denial of Service (DoS) condition. The jdhcpd daemon restarts automatically without intervention, but continued receipt of the malformed packet will crash it repeatedly. This issue can only be triggered by DHCPv4 and not by DHCPv6.

Recommendations

For Junos OS versions prior to 12.3R12-S16, update to 12.3R12-S16 or later.
For Junos OS versions prior to 12.3X48-D105 on SRX Series, update to 12.3X48-D105 or later.
For Junos OS versions prior to 14.1X53-D60 on EX and QFX Series, update to 14.1X53-D60 or later.
For Junos OS versions prior to 15.1R7-S7, update to 15.1R7-S7 or later.
For Junos OS versions prior to 15.1X49-D221, update to 15.1X49-D221 or later.
For Junos OS versions prior to 15.1X49-D230 on SRX Series, update to 15.1X49-D230 or later.
For Junos OS versions prior to 15.1X53-D593 on EX2300/EX3400, update to 15.1X53-D593 or later.
For Junos OS versions prior to 16.1R7-S5, update to 16.1R7-S5 or later.

Related Identifiers

CVE-2020-1661

Affected Products

Junos