Vulnerabilities > CVE-2020-1657 - Unspecified vulnerability in Juniper Junos

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

juniper

NVD

Published: 2020-10-16

Updated: 2020-10-27

Summary

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 12.3X48 Juniper Junos 15.1X49 Juniper Junos 17.4 Juniper Junos 18.1 Juniper Junos 18.2 Juniper Junos 18.3 Juniper Junos 18.4 Juniper Junos 19.1	97

References

https://kb.juniper.net/JSA11050