PT-2020-5901 · Juniper Networks · Junos, Junos Evolved

Published: 2020-07-08 · Updated: 2022-01-01 · CVE-2020-1648

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 18.2X75-D50.8 through 18.2X75-D52.7, 18.2X75-D60 and later versions prior to 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; versions 19.4R1 and 19.4R1-S1; versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved versions prior to 19.4R2-S2-EVO; versions prior to 20.1R2-EVO.
Description: The issue is related to insufficient input validation, which can lead to a routing process daemon (RPD) crash and restart when processing a specific BGP packet. This can occur even before the BGP session with the peer is established, and repeated receipt of this packet can result in an extended Denial of Service (DoS) condition.
Recommendations: For Juniper Networks Junos OS version 18.2X75, update to version 18.2X75-D52.8 or later. For Juniper Networks Junos OS version 19.4, update to a version later than 19.4R1-S1. For Juniper Networks Junos OS version 20.1, update to version 20.1R1-S2 or later. For Juniper Networks Junos OS Evolved version 19.4-EVO, update to version 19.4R2-S2-EVO or later. For Juniper Networks Junos OS Evolved version 20.1-EVO, update to version 20.1R2-EVO or later.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-01996
CVE-2020-1648

Affected Products

Junos
Junos Evolved