PT-2020-1512 · Juniper Networks · Junos

Published 2020-01-08 · Updated 2023-10-07 · CVE-2020-1601

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 15.1F6-S13
Juniper Networks Junos OS versions prior to 15.1R7-S4
Juniper Networks Junos OS versions prior to 15.1X49-D180 on SRX Series
Juniper Networks Junos OS versions prior to 15.1X53-D238
Juniper Networks Junos OS versions prior to 15.1X53-D496
Juniper Networks Junos OS versions prior to 15.1X53-D592
Juniper Networks Junos OS versions prior to 16.1R7-S4
Juniper Networks Junos OS versions prior to 16.2R2-S9
Juniper Networks Junos OS versions prior to 17.1R2-S11
Juniper Networks Junos OS versions prior to 17.1R3
Juniper Networks Junos OS versions prior to 17.2R1-S9
Juniper Networks Junos OS versions prior to 17.2R3-S2
Juniper Networks Junos OS versions prior to 17.3R3-S3
Juniper Networks Junos OS versions prior to 17.4R2-S2
Juniper Networks Junos OS versions prior to 17.4R3
Juniper Networks Junos OS versions prior to 18.1R3-S2
Juniper Networks Junos OS versions prior to 18.2R2-S6
Juniper Networks Junos OS versions prior to 18.2R3
Juniper Networks Junos OS versions prior to 18.2X75-D40
Juniper Networks Junos OS versions prior to 18.3R2
Juniper Networks Junos OS versions prior to 18.4R1-S2
Juniper Networks Junos OS versions prior to 18.4R2

Description

The issue is caused by insufficient input validation in the Path Computation Element Protocol (PCEP) implementation of Juniper Networks Junos OS. This allows an attacker to cause a Denial of Service (DoS) by sending certain types of malformed PCEP packets, which can crash the pccd process and generate a core file. Continued receipt of these packets can cause an extended DoS condition.

Recommendations

As a temporary workaround, consider disabling the PCEP protocol until a patch is available.
Restrict access to the pccd process to minimize the risk of exploitation.
Update to a version of Juniper Networks Junos OS that is not affected by this issue, such as 15.1F6-S13 or later, 15.1R7-S4 or later, 15.1X49-D180 or later on SRX Series, 15.1X53-D238 or later, 15.1X53-D496 or later, 15.1X53-D592 or later, 16.1R7-S4 or later, 16.2R2-S9 or later, 17.1R2-S11 or later, 17.1R3 or later, 17.2R1-S9 or later, 17.2R3-S2 or later, 17.3R3-S3 or later, 17.4R2-S2 or later, 17.4R3 or later, 18.1R3-S2 or later, 18.2R2-S6 or later, 18.2R3 or later, 18.2X75-D40 or later, 18.3R2 or later, 18.4R1-S2 or later, 18.4R2 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00495
CVE-2020-1601

Affected Products

Junos