PT-2020-5144 · Juniper Networks · Junos

Published: 2020-10-14 · Updated: 2020-10-27 · CVE-2020-1657

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Junos OS on SRX Series versions prior to 12.3X48-D90
Junos OS on SRX Series versions prior to 15.1X49-D190
Junos OS on SRX Series versions prior to 17.4R2-S9, 17.4R3
Junos OS on SRX Series versions prior to 18.1R3-S9
Junos OS on SRX Series versions prior to 18.2R3
Junos OS on SRX Series versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3
Junos OS on SRX Series versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3
Junos OS on SRX Series versions prior to 19.1R1-S4, 19.1R2

Description

A vulnerability in the key-management-daemon (kmd) of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established, causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations.

Recommendations

For versions prior to 12.3X48-D90, update to 12.3X48-D90 or later.
For versions prior to 15.1X49-D190, update to 15.1X49-D190 or later.
For versions prior to 17.4R2-S9, 17.4R3, update to 17.4R2-S9, 17.4R3 or later.
For versions prior to 18.1R3-S9, update to 18.1R3-S9 or later.
For versions prior to 18.2R3, update to 18.2R3 or later.
For versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3, update to 18.3R1-S7, 18.3R2-S3, 18.3R3 or later.
For versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3, update to 18.4R1-S6, 18.4R2-S3, 18.4R3 or later.
For versions prior to 19.1R1-S4, 19.1R2, update to 19.1R1-S4, 19.1R2 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2020-05749
CVE-2020-1657

Affected Products

Junos