Juniper Junos MACsec Packet protection mechanism

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Juniper Junos (Router Operating System) (affected version not known) and classified as problematic. Affected by this issue is an unknown function of the component MACsec Packet Handler. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1063995711/20/2020VulD...cve_cnaJuniper Networks, Inc.nvd.nist.gov11/20/2020accepted70
1063995611/20/2020VulD...cvss2_nvd_aiNnvd.nist.gov11/20/2020accepted70
1063995511/20/2020VulD...cvss2_nvd_iiPnvd.nist.gov11/20/2020accepted70
1063995411/20/2020VulD...cvss2_nvd_ciPnvd.nist.gov11/20/2020accepted70
1063995311/20/2020VulD...cvss2_nvd_auNnvd.nist.gov11/20/2020accepted70
1063995211/20/2020VulD...cvss2_nvd_acLnvd.nist.gov11/20/2020accepted70
1063995111/20/2020VulD...cvss2_nvd_avAnvd.nist.gov11/20/2020accepted70
1063995011/20/2020VulD...confirm_urlhttps://kb.juniper.net/JSA11071cve.mitre.org11/20/2020accepted70
1063994911/20/2020VulD...cve_nvd_summaryJuniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the "bounded receive delay", there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1.cve.mitre.org11/20/2020accepted70
1063994811/20/2020VulD...cve_assigned1572822000cve.mitre.org11/20/2020accepted70
1063995811/19/2020VulD...cvss2_nvd_basescore4.8nist.gov11/19/2020accepted90
1052842110/17/2020VulD...price_0day$5k-$25ksee documentation10/17/2020accepted90
1052842010/17/2020VulD...cvss3_meta_tempscore5.2see documentation10/17/2020accepted90
1052841910/17/2020VulD...cvss3_meta_basescore5.4see documentation10/17/2020accepted90
1052841810/17/2020VulD...cvss3_vuldb_tempscore5.210/17/2020accepted90
1052841710/17/2020VulD...cvss3_vuldb_basescore5.410/17/2020accepted90
1052841610/17/2020VulD...cvss2_vuldb_tempscore4.210/17/2020accepted90
1052841510/17/2020VulD...cvss2_vuldb_basescore4.810/17/2020accepted90
1052841410/17/2020VulD...cvss3_vuldb_eXderived from historical data10/17/2020accepted80
1052841310/17/2020VulD...cvss2_vuldb_rcNDderived from historical data10/17/2020accepted80

Want to stay up to date on a daily basis?

Enable the mail alert feature now!