CVE-2020-1626
HIGHJuniper Junos OS Evolved - Denial of Service via pfemand Process Crash
Title source: llmDescription
A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://tools.ietf.org/html/rfc6192
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA11005
Scores
CVSS v3
7.5
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
juniper/junos_os_evolved
18.3 r1
Published
Apr 08, 2020
Tracked Since
Feb 18, 2026