Home

CVE-2020-1643

Description

Execution of the show ospf interface extensive or show ospf interface detail CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the uname -a command. For example: ARM (vulnerable): % uname -a | awk {print $NF} arm PowerPC (not vulnerable): % uname -a | awk {print $NF} powerpc AMD (not vulnerable): % uname -a | awk {print $NF} amd64 Intel (not vulnerable): % uname -a | awk {print $NF} i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.139

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-1637,CVE-2020-1643 are fixed in junos 12.3x48-d100NCM
Vulnerabilities CVE-2020-1643 are fixed in junos 14.1x53-d140NCM
Multiple Vulnerabilities are fixed in junos 15.1R7-S7NCM
Multiple Vulnerabilities are fixed in junos 16.1R7-S8NCM
Vulnerabilities CVE-2020-1643,CVE-2021-0245,CVE-2021-0273 are fixed in junos 17.1R2-S12NCM
Multiple Vulnerabilities are fixed in junos 17.2R3-S4NCM
Multiple Vulnerabilities are fixed in junos 17.3R3-S8NCM
Vulnerabilities CVE-2020-1601,CVE-2020-1643 are fixed in junos 17.4r2-s2NCM
Vulnerabilities CVE-2019-0049,CVE-2020-1601,CVE-2020-1643 are fixed in junos 18.1r3-s2NCM
Multiple Vulnerabilities are fixed in junos 18.2r2NCM
Multiple Vulnerabilities are fixed in junos 18.3r1-s2NCM
Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-1643)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234