CVE-2020-1653 : Security Advisory and Response

On Juniper Networks Junos OS devices, a vulnerability can lead to kernel crash (vmcore) or FPC crash due to an mbuf leak. Learn about the impact, technical details, and mitigation steps for CVE-2020-1653.

Understanding CVE-2020-1653

This vulnerability affects Juniper Networks Junos OS devices due to mbuf leak leading to system crashes.

What is CVE-2020-1653?

The vulnerability in Juniper Networks Junos OS allows a stream of TCP packets to the Routing Engine causing mbuf leak, potentially crashing the Flexible PIC Concentrator (FPC) or the system.

The Impact of CVE-2020-1653

The issue affects devices running Junos OS from version 17.4R1 onwards.
It may result in FPC crashes or vmcore occurrences, making the device inaccessible and requiring manual restart.

Technical Details of CVE-2020-1653

This section delves into the technical aspects of the CVE.

Vulnerability Description

Triggered by TCP packets, the vulnerability causes an mbuf leak on the Routing Engine.

Affected Systems and Versions

Versions affected: 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3, and 19.4.

Exploitation Mechanism

The issue arises when a stream of TCP packets is sent to the RE, leading to the mbuf leak.

Mitigation and Prevention

Explore the essential steps to mitigate and prevent the impact of this vulnerability.

Immediate Steps to Take

Check if DDoS feature is enabled and use firewall filters to limit incoming packets towards the RE.

Long-Term Security Practices

Regularly monitor and apply software updates from Juniper Networks.

Patching and Updates

Update to the following software releases: 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S5, 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1, and subsequent releases.