CVE-2020-1684

Summary

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.3X48 < 12.3X48-D105affected
Juniper NetworksJunos OS15.1X49 < 15.1X49-D221, 15.1X49-D230affected
Juniper NetworksJunos OS17.4 < 17.4R3-S3affected
Juniper NetworksJunos OS18.1 < 18.1R3-S11affected
Juniper NetworksJunos OS18.2 < 18.2R3-S3affected
Juniper NetworksJunos OS18.3 < 18.3R2-S4, 18.3R3-S2affected
Juniper NetworksJunos OS18.4 < 18.4R2-S5, 18.4R3-S1affected
Juniper NetworksJunos OS19.1 < 19.1R2-S2, 19.1R3affected
Juniper NetworksJunos OS19.2 < 19.2R1-S5, 19.2R2affected
Juniper NetworksJunos OS19.3 < 19.3R3affected
Juniper NetworksJunos OS19.4 < 19.4R2affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References