PT-2020-5900 · Juniper Networks · Junos Evolved, Junos
Published 2020-07-08 · Updated 2022-01-01 · CVE-2020-1646

| Metric | Value |
|---|---|
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions 17.3R3-S6 through 18.1R3-S7
Juniper Networks Junos OS Evolved versions 19.2R2-EVO through versions prior to 19.3R1-EVO
Description:
The issue occurs when a specific UPDATE for an EBGP peer is processed, leading to a routing process daemon (RPD) crash and restart. This happens only when the device is receiving and processing the BGP UPDATE for an EBGP peer, not for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagate through the network via IBGP peers without causing a crash, and then cause an RPD crash once it is processed as a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition.
Recommendations:
For Juniper Networks Junos OS versions 17.3R3-S6 through 18.1R3-S7, update to a version outside of the affected range.
For Juniper Networks Junos OS Evolved versions 19.2R2-EVO through versions prior to 19.3R1-EVO, update to version 19.3R1-EVO or later.
As a temporary workaround, consider restricting the receipt and processing of BGP UPDATEs from EBGP peers to minimize the risk of exploitation.
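To turn the affected version ranges and recommendations above into an inventory check, here is an added example (not part of the original advisory) that parses Junos release strings and flags versions inside the ranges stated on this page. It assumes the two ranges can be treated as linear intervals over (major, minor, release, service) and that Junos OS Evolved strings carry an `-EVO` suffix; the sample inventory is constructed.

```python
import re

# Junos release strings look like MAJOR.MINOR R<release>[-S<service>], with a
# trailing "-EVO" for Junos OS Evolved (e.g. 17.3R3-S6, 19.2R2-S1-EVO).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(-EVO)?$")


def parse_junos_version(version: str):
    """Return ((major, minor, release, service), is_evolved) for a Junos version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service, evo = m.groups()
    return (int(major), int(minor), int(release), int(service or 0)), evo is not None


# Affected ranges as stated in the advisory. Assumption: each range is a linear
# interval over (major, minor, release, service). The Junos OS range is
# inclusive at both ends; the Junos OS Evolved range is inclusive at 19.2R2-EVO
# and exclusive at 19.3R1-EVO, the first release the advisory recommends.
JUNOS_RANGE = (parse_junos_version("17.3R3-S6")[0], parse_junos_version("18.1R3-S7")[0])
EVO_RANGE = (parse_junos_version("19.2R2-EVO")[0], parse_junos_version("19.3R1-EVO")[0])


def is_affected(version: str) -> bool:
    """True if the version falls inside the CVE-2020-1646 affected ranges."""
    key, is_evolved = parse_junos_version(version)
    if is_evolved:
        low, high = EVO_RANGE
        return low <= key < high
    low, high = JUNOS_RANGE
    return low <= key <= high


def affected_subset(versions):
    """Filter an inventory list down to the versions that still need updating."""
    return [v for v in versions if is_affected(v)]


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    inventory = ["17.3R3-S5", "17.3R3-S6", "18.1R3-S7", "18.1R3-S8",
                 "19.2R2-EVO", "19.2R2-S1-EVO", "19.3R1-EVO"]
    for v in inventory:
        print(f"{v:16} affected={is_affected(v)}")
```

Version strings in other Junos formats (for example those with an `X` or `D` component) are rejected rather than silently classified.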
Tags: Fix, DoS, RCE
Affected Products: Junos, Junos Evolved