CVE-2020-1689

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 17.3R3-S9 Junos OS versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3 Junos OS versions prior to 18.1R3-S11 Junos OS versions prior to 18.2R3-S5 Junos OS versions prior to 18.3R2-S4, 18.3R3-S3 Junos OS versions prior to 18.4R2-S5, 18.4R3-S4 Junos OS versions prior to 19.1R3-S2 Junos OS versions prior to 19.2R1-S5, 19.2R3 Junos OS versions prior to 19.3R2-S4, 19.3R3 Junos OS versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3 Junos OS versions prior to 20.1R1-S3, 20.1R2

Description The issue is related to an uncontrolled resource consumption in Junos OS on certain Juniper Networks devices, including EX4300-MP Series, EX4600 Series, and QFX5K Series. This can be exploited by a remote attacker using specially crafted layer 2 frames, potentially leading to a denial of service. The offending packets can only originate from within the broadcast domain where the device is connected. This issue does not affect devices deployed in a Stand Alone configuration.

Recommendations For Junos OS versions prior to 17.3R3-S9, update to 17.3R3-S9 or later. For Junos OS versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3, update to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3 or later. For Junos OS versions prior to 18.1R3-S11, update to 18.1R3-S11 or later. For Junos OS versions prior to 18.2R3-S5, update to 18.2R3-S5 or later. For Junos OS versions prior to 18.3R2-S4, 18.3R3-S3, update to 18.3R2-S4, 18.3R3-S3 or later. For Junos OS versions prior to 18.4R2-S5, 18.4R3-S4, update to 18.4R2-S5, 18.4R3-S4 or later. For Junos OS versions prior to 19.1R3-S2, update to 19.1R3-S2 or later. For Junos OS versions prior to 19.2R1-S5, 19.2R3, update to 19.2R1-S5, 19.2R3 or later. For Junos OS versions prior to 19.3R2-S4, 19.3R3, update to 19.3R2-S4, 19.3R3 or later. For Junos OS versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3, update to 19.4R1-S3, 19.4R2-S1, 19.4R3 or later. For Junos OS versions prior to 20.1R1-S3, 20.1R2, update to 20.1R1-S3, 20.1R2 or later.