CVE-2020-1662

On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.

Published: Oct 16, 2020
Updated: May 4, 2025
CVE: CVE-2020-1662
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
juniper / junos	18.3-r2	18.3-r2.x
juniper / junos	17.4-r3	17.4-r3.x
juniper / junos	17.3-r3-s3	17.3-r3-s3.x
juniper / junos	17.3-r3-s4	17.3-r3-s4.x
juniper / junos	17.4-r2-s4	17.4-r2-s4.x
juniper / junos	19.1-r1	19.1-r1.x
juniper / junos	17.4-r2-s5	17.4-r2-s5.x
juniper / junos	17.4-r2-s6	17.4-r2-s6.x
juniper / junos	17.4-r2-s7	17.4-r2-s7.x
juniper / junos	19.2-r1	19.2-r1.x
juniper / junos	18.4-r2	18.4-r2.x
juniper / junos	18.2-r3	18.2-r3.x
juniper / junos	18.1-r3-s6	18.1-r3-s6.x
juniper / junos	18.1-r3-s7	18.1-r3-s7.x
juniper / junos	19.1-r1-s1	19.1-r1-s1.x
juniper / junos	19.1-r1-s3	19.1-r1-s3.x
juniper / junos	19.1-r1-s2	19.1-r1-s2.x
juniper / junos	19.2-r1-s1	19.2-r1-s1.x
juniper / junos	19.2-r1-s2	19.2-r1-s2.x
juniper / junos	18.2-r3-s1	18.2-r3-s1.x
juniper / junos	18.3-r2-s1	18.3-r2-s1.x
juniper / junos	18.3-r2-s2	18.3-r2-s2.x
juniper / junos	17.4-r2-s8	17.4-r2-s8.x
juniper / junos	18.4-r2-s1	18.4-r2-s1.x
juniper / junos	19.3	19.3.x
juniper / junos	19.3-r1	19.3-r1.x
juniper / junos	18.4-r2-s2	18.4-r2-s2.x
juniper / junos	18.2-r3-s2	18.2-r3-s2.x
juniper / junos	18.1-r3-s8	18.1-r3-s8.x
juniper / junos	19.2-r1-s3	19.2-r1-s3.x
juniper / junos	18.3-r3	18.3-r3.x
juniper / junos	19.4-r1	19.4-r1.x
juniper / junos	19.3-r2	19.3-r2.x
juniper / junos	19.1-r2	19.1-r2.x
juniper / junos	18.4-r3	18.4-r3.x
juniper / junos	18.4-r2-s3	18.4-r2-s3.x
juniper / junos	18.3-r3-s1	18.3-r3-s1.x
juniper / junos	18.1-r3-s9	18.1-r3-s9.x
juniper / junos	17.3-r3-s7	17.3-r3-s7.x
juniper / junos	19.3-r2-s1	19.3-r2-s1.x
juniper / junos	19.3-r1-s1	19.3-r1-s1.x
juniper / junos	20.1-r1	20.1-r1.x
juniper / junos	19.4-r1-s1	19.4-r1-s1.x
juniper / junos	19.3-r2-s2	19.3-r2-s2.x
juniper / junos	19.1-r1-s4	19.1-r1-s4.x
juniper / junos	18.3-r2-s3	18.3-r2-s3.x
juniper / junos	18.2-r3-s3	18.2-r3-s3.x
juniper / junos	17.4-r3-s1	17.4-r3-s1.x
juniper / junos	17.4-r2-s9	17.4-r2-s9.x
juniper / junos	17.2-r3-s3	17.2-r3-s3.x
juniper / junos	18.2x75-d51	18.2x75-d51.x
juniper / junos	18.4-r3-s1	18.4-r3-s1.x
juniper / junos	18.4-r2-s4	18.4-r2-s4.x
juniper / junos	19.1-r2-s1	19.1-r2-s1.x
juniper / junos	19.1-r3	19.1-r3.x
juniper / junos	19.4-r1-s2	19.4-r1-s2.x
juniper / junos	20.1-r1-s1	20.1-r1-s1.x
juniper / junos	18.2x75-d60	18.2x75-d60.x
juniper / junos	18.2x75-d50	18.2x75-d50.x

https://kb.juniper.net/JSA11059

Vulnerability Database

CVE-2020-1662