PT-2020-5929 · Juniper Networks · Ex2300+2

Published: 2020-07-08 · Updated: 2020-07-24 · CVE-2020-1643

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Junos OS versions prior to 12.3X48-D100
Junos OS versions prior to 14.1X53-D140
Junos OS versions prior to 14.1X53-D54
Junos OS versions prior to 15.1R7-S7
Junos OS versions prior to 15.1X49-D210
Junos OS versions prior to 15.1X53-D593
Junos OS versions prior to 16.1R7-S8
Junos OS versions prior to 17.1R2-S12
Junos OS versions prior to 17.2R3-S4
Junos OS versions prior to 17.3R3-S8
Junos OS versions prior to 17.4R2-S2
Junos OS versions prior to 17.4R3
Junos OS versions prior to 18.1R3-S2
Junos OS versions prior to 18.2R2
Junos OS versions prior to 18.2R3
Junos OS versions prior to 18.2X75-D40
Junos OS versions prior to 18.3R1-S2
Junos OS versions prior to 18.3R2
Description: The issue is related to the execution of specific CLI commands, "show ospf interface extensive" or "show ospf interface detail", on Juniper Networks devices running Junos OS, which can cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured. This can lead to a Denial of Service (DoS). A local attacker can repeatedly crash the RPD process by continuously executing the same CLI commands, causing a sustained Denial of Service. The issue affects systems utilizing ARM processors, found on the EX2300 and EX3400 devices.
Recommendations: For each affected Junos OS release line, update to the fixed version listed below or later:
12.3X48-D100
14.1X53-D140
14.1X53-D54
15.1R7-S7
15.1X49-D210
15.1X53-D593
16.1R7-S8
17.1R2-S12
17.2R3-S4
17.3R3-S8
17.4R2-S2
17.4R3
18.1R3-S2
18.2R2
18.2R3
18.2X75-D40
18.3R1-S2
18.3R2
As a temporary workaround, consider restricting access to the "show ospf interface extensive" and "show ospf interface detail" CLI commands to minimize the risk of exploitation.
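
One way to apply the temporary workaround on Junos, as an added example that is not part of the original advisory: a login class whose deny-commands regular expression blocks the two affected commands while leaving other show commands available. The class name ospf-restricted is hypothetical, and the regular expression is an assumption to test against how operators actually type these commands.

```junos
system {
    login {
        /* Hypothetical class name for operators who only need read access */
        class ospf-restricted {
            /* "view" permits show commands in general */
            permissions view;
            /* Deny "show ospf interface ... extensive" and "... detail",
               with or without an interface name in between */
            deny-commands "^show ospf interface.*(extensive|detail)";
        }
    }
}
```

Assign the class to non-administrative accounts under system login user; accounts in a class without this deny-commands statement can still run both commands.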

Fix

DoS

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

BDU:2021-02044
CVE-2020-1643

Affected Products

Ex2300
Ex3400
Junos