How severe is CVE-2020-1646?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-1646?

This is classified as CWE-159, which is a common weakness in software security.

CVE-2020-1646

HIGH Year: 2020

CVSS v3 Score

7.5

High

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-159

View all →

Vulnerability Description

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.

CVE-2020-1648

HIGH

CVSS:7.5(High)

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP sessi...

CWE-1592020

CVE-2020-1653

HIGH

CVSS:7.5(High)

On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and res...

CWE-1592020

CVE-2019-9505

CRITICAL

CVSS:9.8(Critical)

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthentic...

CWE-1592019

CVE-2020-1648

HIGH

CVSS:7.5(High)

CWE-1592020

CVE-2020-1653

HIGH

CVSS:7.5(High)

CWE-1592020

CVE-2021-42375

MEDIUM

CVSS:5.5(Medium)

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved chara...

CWE-1592021

CVE-2020-1646

Vulnerability Description

Related Vulnerabilities

CVE-2020-1648

CVE-2020-1653

CVE-2019-9505

CVE-2020-1648

CVE-2020-1653

CVE-2021-42375