A vulnerability classified as critical was found in Juniper Junos (Router Operating System) (the affected version unknown). This vulnerability affects an unknown part of the component Configuration. The manipulation as part of a Multicast Traffic leads to a integer overflow vulnerability. The CWE definition for the vulnerability is CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. As an impact it is known to affect availability. CVE summarizes:

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices.

The weakness was shared 04/08/2020. This vulnerability was named CVE-2020-1634 since 11/04/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

The entries 152977, 152976, 152975 and 152973 are related to this item.

Productinfo

Type

• Router Operating System

Vendor

• Juniper

Name

• Junos

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion