CVE-2020-1679— Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-1679
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled.
Source: NVD (National Vulnerability Database)
Vulnerability Description
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS PTX和Junos OS QFX 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS PTX和Junos OS QFX都是美国瞻博网络(Juniper Networks)公司的产品。Junos OS PTX是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。Junos OS QFX是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Junos OS PTX/QFX存在安全漏洞,攻击者可利用该漏洞可以通过J-Flow采样触发致命错误,以触发拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Juniper Networks | Junos OS | unspecified ~ 18.1R1 | - |
II. Public POCs for CVE-2020-1679
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-1679
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2020-10-16 · 30 CVEs total
| CVE-2020-1656 | 8.8 HIGH | Junos OS: When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client |
| CVE-2020-1673 | 8.8 HIGH | Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) |
| CVE-2020-1660 | 8.3 HIGH | Junos OS: MX Series: Receipt of specific packets can cause services card to restart when D |
| CVE-2020-1675 | 8.3 HIGH | Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability. |
| CVE-2020-1667 | 8.3 HIGH | Junos OS: MX Series: Services card might restart due to a race condition when DNS filterin |
| CVE-2020-1664 | 7.8 HIGH | Junos OS: Buffer overflow vulnerability in device control daemon |
| CVE-2020-1657 | 7.5 HIGH | Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denia |
| CVE-2020-1686 | 7.5 HIGH | Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet. |
| CVE-2020-1684 | 7.5 HIGH | Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Id |
| CVE-2020-1683 | 7.5 HIGH | Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling |
| CVE-2020-1672 | 7.5 HIGH | Junos OS: jdhcpd process crash when processing a specific DHCPDv6 packet in DHCPv6 relay c |
| CVE-2020-1671 | 7.5 HIGH | Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash. |
| CVE-2020-1662 | 7.5 HIGH | Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping. |
| CVE-2020-1676 | 7.2 HIGH | Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability. |
| CVE-2020-1677 | 7.2 HIGH | Juniper Networks Mist Cloud UI: SAML authentication attribute elements handling vulnerabil |
| CVE-2020-1666 | 6.6 MEDIUM | Junos OS Evolved: 'console log-out-on-disconnect' fails to terminate session on console ca |
| CVE-2020-1681 | 6.5 MEDIUM | Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of S |
| CVE-2020-1689 | 6.5 MEDIUM | Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 |
| CVE-2020-1688 | 6.5 MEDIUM | Junos OS: SRX and NFX Series: Insufficient Web API private key protection |
| CVE-2020-1687 | 6.5 MEDIUM | Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 |
Showing top 20 of 30 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
Same vendor: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
Same weakness: CWE-20
V. Comments for CVE-2020-1679
No comments yet