PT-2020-4094 · Juniper Networks · Junos

Published

2020-04-08

·

Updated

2021-11-18

·

CVE-2020-1613

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 12.3 through 18.2X75-D20
Description: A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. This issue affects IPv4 and IPv6 BGP FlowSpec deployments. The BGP NOTIFICATION message that terminates the established session is sent toward the peer that originally sent the specific BGP FlowSpec advertisement. Because a Junos OS device running a fixed release does not drop the advertisement, it may propagate it to another device that is still vulnerable, causing BGP session termination downstream. Confidentiality and integrity are not affected; the impact is loss of availability of the BGP session (A:H in the vector above).
Recommendations: For Juniper Networks Junos OS versions 12.3 through 18.2X75-D20, update to a fixed release; the fixed releases are listed in the vendor's security advisory for CVE-2020-1613. Note that a device running a fixed release still forwards the triggering advertisement to its peers, so upgrading only transit or route-reflector devices does not protect vulnerable downstream peers; every FlowSpec-speaking device in the path needs the fix. Until all affected devices are upgraded, reduce exposure by accepting BGP FlowSpec routes (the inet flow and inet6 flow address families) only from trusted peers, by not enabling the FlowSpec address families on BGP sessions that do not need them, and by not re-advertising FlowSpec routes toward peers that do not require them. These measures limit which peers can reach the vulnerable code path; they do not remove the defect itself.
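The mitigation described above, as an added Junos configuration example that is not part of the advisory and not Juniper's own text: one BGP group for the peers that legitimately originate FlowSpec rules (for example a DDoS-mitigation controller), where the inet flow family is enabled and FlowSpec routes are accepted, and a second group for all other peers, where the FlowSpec families are never negotiated and FlowSpec routes are neither imported nor exported. Group names, policy names, addresses and the AS number are placeholders.

```junos
/* Added example, not from the advisory. Names and addresses are placeholders. */
protocols {
    bgp {
        /* Only this group may deliver FlowSpec NLRI to the router. */
        group flowspec-controllers {
            type internal;
            local-address 192.0.2.1;
            import fs-from-controller;
            export no-flowspec-export;
            family inet {
                unicast;
                flow {
                    /* Skip the RFC 5575 originator check only for this trusted source. */
                    no-validate fs-from-controller;
                }
            }
            neighbor 192.0.2.10;
        }
        /* Every other peer: the flow families are not configured, so FlowSpec
           NLRI from these peers is never negotiated or parsed, and none is sent. */
        group other-peers {
            type external;
            import fs-reject;
            export no-flowspec-export;
            family inet {
                unicast;
            }
            family inet6 {
                unicast;
            }
            neighbor 203.0.113.5 {
                peer-as 64496;
            }
        }
    }
}
policy-options {
    /* Accept FlowSpec routes from the trusted controller. */
    policy-statement fs-from-controller {
        term accept-v4-flowspec {
            from rib inetflow.0;
            then accept;
        }
        term accept-v6-flowspec {
            from rib inet6flow.0;
            then accept;
        }
    }
    /* Belt and braces for untrusted peers: discard FlowSpec routes even if a
       flow family were later enabled on the session by mistake. */
    policy-statement fs-reject {
        term drop-v4-flowspec {
            from rib inetflow.0;
            then reject;
        }
        term drop-v6-flowspec {
            from rib inet6flow.0;
            then reject;
        }
    }
    /* Do not re-advertise FlowSpec routes to any peer; this is what stops a
       fixed device from passing the advertisement on to a vulnerable neighbour. */
    policy-statement no-flowspec-export {
        term drop-v4-flowspec {
            from rib inetflow.0;
            then reject;
        }
        term drop-v6-flowspec {
            from rib inet6flow.0;
            then reject;
        }
        term rest {
            then accept;
        }
    }
}
```

Two caveats when applying this: adding or removing an address family changes the capabilities advertised in the BGP OPEN, so the affected session is reset when the change is committed and the work should be scheduled accordingly; and the export policy above also stops FlowSpec rules from reaching any downstream device that relies on receiving them, so it should only be applied on sessions where re-advertisement is genuinely not required.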

DoS


Weakness Enumeration

Related Identifiers

BDU:2020-04494
CVE-2020-1613

Affected Products

Junos