SB2020010336 - Denial of service in Junos OS BBE configurations
Published: January 3, 2020 Updated: October 26, 2023
Security Bulletin ID
SB2020010336
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2020-1608)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Problem Receipt of a specific packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.
Remediation
Install update from vendor's website.