Juniper Junos Kernel Crash (vmcore) or FPC Crash (JSA11040)

Medium Nessus Plugin ID 138905

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, the Junos OS installed on the remote host is affected by a denial of service (DoS) vulnerability. On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause an mbuf leak, which can lead to a Flexible PIC Concentrator (FPC) crash or cause the system to crash and restart (vmcore).
This issue can be triggered by IPv4 or IPv6 and is caused only by TCP packets. It is not related to any specific configuration and affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing].
The number of mbufs is platform dependent. Once the device runs out of mbufs, the FPC crashes or the vmcore occurs, and the device might become inaccessible, requiring a manual restart.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11040.

See Also

https://kb.juniper.net/JSA11040

Plugin Details

Severity: Medium

ID: 138905

File Name: juniper_jsa11040.nasl

Version: 1.4

Type: combined

Published: 2020/07/24

Updated: 2020/07/28

Dependencies: 55932

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2020-1653

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Patch Publication Date: 2020/07/08

Vulnerability Publication Date: 2020/07/08

Reference Information

CVE: CVE-2020-1653

JSA: JSA11040

IAVA: 2020-A-0320