CVE-2020-1670 : What You Need to Know

Discover how CVE-2020-1670 impacts Juniper Networks EX4300 Series devices. Learn about the vulnerability in Junos OS versions and find mitigation strategies.

On Juniper Networks EX4300 Series, a vulnerability can cause high CPU load due to specific IPv4 packets, potentially leading to network issues. This CVE affects various Junos OS versions.

Understanding CVE-2020-1670

This CVE involves a vulnerability in Junos OS that can impact the routing engine on EX4300 Series devices when exposed to certain IPv4 packets.

What is CVE-2020-1670?

A stream of specific IPv4 packets received by EX4300 Series devices can trigger a high CPU load on the Routing Engine, potentially causing network protocol operation problems and traffic interruptions. This issue only arises from packets within the device's broadcast domain.

The Impact of CVE-2020-1670

The vulnerability's exploitation can result in a high CPU load on the Routing Engine, leading to potential network protocol operation disturbances and traffic interruptions on affected devices.

Technical Details of CVE-2020-1670

This section covers specific technical aspects of the vulnerability.

Vulnerability Description

The vulnerability allows malicious IPv4 packets within the broadcast domain to cause high CPU load on the Routing Engine of Juniper Networks EX4300 Series.

Affected Systems and Versions

The vulnerability affects the following Junos OS versions on EX4300 series:

        17.3 versions prior to 17.3R3-S9
        17.4 versions prior to 17.4R2-S11, 17.4R3-S2
        18.1 versions prior to 18.1R3-S10
        18.2 versions prior to 18.2R3-S4
        18.3 versions prior to 18.3R2-S4, 18.3R3-S2
        18.4 versions prior to 18.4R2-S4, 18.4R3-S2
        19.1 versions prior to 19.1R2-S2, 19.1R3-S1
        19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3
        19.3 versions prior to 19.3R2-S4, 19.3R3
        19.4 versions prior to 19.4R1-S3, 19.4R2
        20.1 versions prior to 20.1R1-S3, 20.1R2

Exploitation Mechanism

The vulnerability occurs when specific IPv4 packets enter the IRB interface within the broadcast domain, triggering a high CPU load.

Mitigation and Prevention

Effective mitigation techniques and preventive measures are crucial to address this vulnerability.

Immediate Steps to Take

        Apply provided software releases that resolve the issue.

Long-Term Security Practices

        Regularly update Junos OS to the latest versions.
        Implement network segmentation to prevent potential packet-based attacks.
        Conduct regular security assessments to detect and address vulnerabilities.

Patching and Updates

Ensure that systems running Junos OS on EX4300 Series are updated to one of the patched software releases: 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.3R2-S4, 18.3R3-S2, 18.4R2-S4, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S3, 20.1R2, 20.2R1, or subsequent releases.
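The affected-version list and the patched-release list above can be turned into a fleet check. The following is an added example, not code from Juniper or from this page: it classifies a Junos version string against the releases listed here. The version-string shape, the rule that a higher R number than any listed fix counts as a subsequent release, and the inventory hostnames are assumptions made for illustration.

```python
import re

# Fixed releases per Junos train as (R, S) pairs, transcribed from the page's list.
FIXED = {
    (17, 3): [(3, 9)],
    (17, 4): [(2, 11), (3, 2)],
    (18, 1): [(3, 10)],
    (18, 2): [(3, 4)],
    (18, 3): [(2, 4), (3, 2)],
    (18, 4): [(2, 4), (3, 2)],
    (19, 1): [(2, 2), (3, 1)],
    (19, 2): [(1, 5), (2, 1), (3, 0)],
    (19, 3): [(2, 4), (3, 0)],
    (19, 4): [(1, 3), (2, 0)],
    (20, 1): [(1, 3), (2, 0)],
}
FIRST_FIXED_TRAIN = (20, 2)  # the page lists 20.2R1 "or subsequent releases"

# Assumed string shape: <major>.<minor>R<n>[-S<n>][.<build>], e.g. 18.4R2-S3.4
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), r, s

def status(version):
    """Return 'affected', 'fixed' or 'unknown' (train not covered by the page)."""
    train, r, s = parse(version)
    if train >= FIRST_FIXED_TRAIN:
        return "fixed"
    fixes = FIXED.get(train)
    if fixes is None:
        return "unknown"
    for fixed_r, fixed_s in fixes:
        if r == fixed_r:  # same maintenance release: compare service release
            return "fixed" if s >= fixed_s else "affected"
    # Assumption: an R number above every listed fix is a subsequent release.
    return "fixed" if r > max(fr for fr, _ in fixes) else "affected"

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = {"ex4300-acc-01": "18.4R2-S3", "ex4300-acc-02": "17.4R3-S2.1",
             "ex4300-dist-01": "19.2R2", "ex4300-dist-02": "20.2R1.10"}

def triage(inventory):
    return {host: status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:16} {INVENTORY[host]:14} {verdict}")
```

Trains older than 17.3 return "unknown" because this page does not list them; confirm those against the vendor advisory rather than treating them as safe.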
