CVE-2020-1626

Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions prior to 19.1R1-EVO

Description: A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process, causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device, and transit traffic does not cause this issue.

Recommendations: For versions prior to 19.1R1-EVO, update to version 19.1R1-EVO or later to resolve the issue. As a temporary workaround, consider implementing rate limiting on incoming traffic to minimize the risk of exploitation. Restrict access to the device to trusted sources to reduce the likelihood of an attack.