PT-2020-5897 · Juniper Networks · Junos
Published: 2020-07-08 · Updated: 2021-07-21 · CVE-2020-1649
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions prior to 17.2R3-S4 on MX Series
Juniper Networks Junos OS versions prior to 17.3R3-S8 on MX Series
Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series
Juniper Networks Junos OS versions prior to 18.1R3-S10 on MX Series
Juniper Networks Junos OS versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series
Juniper Networks Junos OS versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series
Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series
Juniper Networks Junos OS versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series
Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series
Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2 on MX Series
Juniper Networks Junos OS versions prior to 19.3R2-S2, 19.3R3 on MX Series
Description:
The issue is related to inline IP reassembly in Juniper Networks Junos OS, which can cause the packet forwarding engine (PFE) to become disabled upon receipt of small fragments requiring reassembly. This can lead to a sustained Denial of Service (DoS) if an attacker continuously sends fragmented packets that cannot be reassembled. The eachip hmcif rx intr handler function and MQSS module are involved in the error handling process, generating error messages such as LOG: Err and LOG: Notice for issues like Packet Error, Injected checksum error, and CMD reorder ID error.
Recommendations:
For Juniper Networks Junos OS versions prior to 17.2R3-S4 on MX Series, update to 17.2R3-S4 or later.
For Juniper Networks Junos OS versions prior to 17.3R3-S8 on MX Series, update to 17.3R3-S8 or later.
For Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series, update to 17.4R2-S9, 17.4R3-S1 or later.
For Juniper Networks Junos OS versions prior to 18.1R3-S10 on MX Series, update to 18.1R3-S10 or later.
For Juniper Networks Junos OS versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series, update to 18.2R2-S6, 18.2R3-S3 or later.
For Juniper Networks Junos OS versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series, update to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 or later.
For Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series, update to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 or later.
For Juniper Networks Junos OS versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series, update to 18.4R1-S6, 18.4R2-S4, 18.4R3 or later.
For Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series, update to 19.1R1-S4, 19.1R2-S1, 19.1R3 or later.
For Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2 on MX Series, update to 19.2R1-S3, 19.2R2 or later.
For Juniper Networks Junos OS versions prior to 19.3R2-S2, 19.3R3 on MX Series, update to 19.3R2-S2, 19.3R3 or later.
Fix
RCE
Affected Products
Junos