Vulnerability Details CVE-2020-1684
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
Products affected by CVE-2020-1684
-
cpe:2.3:o:juniper:junos:12.3x48
-
cpe:2.3:o:juniper:junos:15.1x49
-
cpe:2.3:o:juniper:junos:17.4
-
cpe:2.3:o:juniper:junos:18.1
-
cpe:2.3:o:juniper:junos:18.2
-
cpe:2.3:o:juniper:junos:18.3
-
cpe:2.3:o:juniper:junos:18.4
-
cpe:2.3:o:juniper:junos:19.1
-
cpe:2.3:o:juniper:junos:19.2
-
cpe:2.3:o:juniper:junos:19.3
-
cpe:2.3:o:juniper:junos:19.4