VYPR
Unrated severityNVD Advisory· Published Oct 16, 2020· Updated Sep 17, 2024

Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled.

CVE-2020-1684

Description

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    <12.3X48-D105, <15.1X49-D221/ D230, <17.4R3, <18.1R3-S11, <18.2R3-S3, <18.3R2-S4/R3-S2, <18.4R2-S5/R3-S1, <19.1R2-S2/R3, <19.2R1-S5/R2, <19.3R3, <19.4R2+ 1 more
    • (no CPE)range: <12.3X48-D105, <15.1X49-D221/ D230, <17.4R3, <18.1R3-S11, <18.2R3-S3, <18.3R2-S4/R3-S2, <18.4R2-S5/R3-S1, <19.1R2-S2/R3, <19.2R1-S5/R2, <19.3R3, <19.4R2
    • (no CPE)range: 12.3X48

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.