Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-198
Vulnerability from certfr_avis - Published: 2020-04-09 - Updated: 2020-04-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO | ||
| Owncloud | Core | JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0 | ||
| N/A | N/A | Série NFX250 versions antérieures à 19.2R1 | ||
| N/A | N/A | JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
"product": {
"name": "Core",
"vendor": {
"name": "Owncloud",
"scada": false
}
}
},
{
"description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-4556",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2020-1621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
},
{
"name": "CVE-2019-4509",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
},
{
"name": "CVE-2019-4454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
},
{
"name": "CVE-2019-10173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
},
{
"name": "CVE-2020-1626",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2020-1627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
},
{
"name": "CVE-2020-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
},
{
"name": "CVE-2019-4581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2018-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
},
{
"name": "CVE-2018-1139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
},
{
"name": "CVE-2020-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
},
{
"name": "CVE-2018-11784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
},
{
"name": "CVE-2016-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
},
{
"name": "CVE-2020-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
},
{
"name": "CVE-2020-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
},
{
"name": "CVE-2018-10858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-4470",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
},
{
"name": "CVE-2013-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
},
{
"name": "CVE-2020-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
},
{
"name": "CVE-2020-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
},
{
"name": "CVE-2020-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
},
{
"name": "CVE-2018-6916",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
},
{
"name": "CVE-2018-11237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
},
{
"name": "CVE-2020-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2019-0071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
},
{
"name": "CVE-2020-1629",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
},
{
"name": "CVE-2020-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
},
{
"name": "CVE-2020-1625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2020-1630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
},
{
"name": "CVE-2016-1286",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
},
{
"name": "CVE-2020-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
},
{
"name": "CVE-2020-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
},
{
"name": "CVE-2020-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
},
{
"name": "CVE-2020-1628",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
}
],
"initial_release_date": "2020-04-09T00:00:00",
"last_revision_date": "2020-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-198",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2020-1617 (GCVE-0-2020-1617)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-16 18:03
VLAI
EPSS
Title
Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot.
Summary
This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. Continued inspection of these genuine packets will create an extended Denial of Service (DoS) condition. Depending on the method for service restoration, e.g. hard boot or soft reboot, a core file may or may not be generated the next time the packet is received and inspected by sFlow. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series. This issue is not applicable to Junos OS versions before 17.4R1. This issue is not applicable to Junos OS Evolved or Junos OS with Advanced Forwarding Toolkit (AFT) forwarding implementations which use a different implementation of sFlow. The following example information is unrelated to this issue and is provided solely to assist you with determining if you have AFT or not. Example: A Junos OS device which supports the use of EVPN signaled VPWS with Flexible Cross Connect uses the AFT implementation. Since this configuration requires support and use of the AFT implementation to support this configuration, the device is not vulnerable to this issue as the sFlow implementation is different using the AFT architecture. For further details about AFT visit the AFI / AFT are in the links below. If you are uncertain if you use the AFI/AFT implementation or not, there are configuration examples in the links below which you may use to determine if you are vulnerable to this issue or not. If the commands work, you are. If not, you are not. You may also use the Feature Explorer to determine if AFI/AFT is supported or not. If you are still uncertain, please contact your support resources.
Severity
7.5 (High)
CWE
- Denial of Service (DoS)
- CWE-665 - Improper Initialization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11000 | x_refsource_MISC |
| https://github.com/Juniper/AFI | x_refsource_MISC |
| https://www.juniper.net/documentation/en_US/junos… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.4 , < 17.4R2-S9, 17.4R3
(custom)
Affected: 18.1 , ≤ 18.1R3-S9 (custom) Affected: 18.2X75 , < 18.2X75-D12, 18.2X75-D30 (custom) Affected: 18.2 , < 18.2R3 (custom) Affected: 18.3 , < 18.3R3 (custom) |
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Juniper/AFI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX1000 and PTX10000 Series, QFX10000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "18.1R3-S9",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D12, 18.2X75-D30",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The corrupted memory initialization is restricted to the sFlow process.\nThe firewall policer provides the method for the exploitation to take place.\nDisabling either resolves the exploitation of this issue, but does not fix the underlying vulnerability.\n\nThe following minimal configuration is required for the issue to be seen: \n firewall policer\nand\n sflow"
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. Continued inspection of these genuine packets will create an extended Denial of Service (DoS) condition. Depending on the method for service restoration, e.g. hard boot or soft reboot, a core file may or may not be generated the next time the packet is received and inspected by sFlow. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series. This issue is not applicable to Junos OS versions before 17.4R1. This issue is not applicable to Junos OS Evolved or Junos OS with Advanced Forwarding Toolkit (AFT) forwarding implementations which use a different implementation of sFlow. The following example information is unrelated to this issue and is provided solely to assist you with determining if you have AFT or not. Example: A Junos OS device which supports the use of EVPN signaled VPWS with Flexible Cross Connect uses the AFT implementation. Since this configuration requires support and use of the AFT implementation to support this configuration, the device is not vulnerable to this issue as the sFlow implementation is different using the AFT architecture. For further details about AFT visit the AFI / AFT are in the links below. If you are uncertain if you use the AFI/AFT implementation or not, there are configuration examples in the links below which you may use to determine if you are vulnerable to this issue or not. If the commands work, you are. If not, you are not. You may also use the Feature Explorer to determine if AFI/AFT is supported or not. If you are still uncertain, please contact your support resources."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:25:54.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Juniper/AFI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S9, 17.4R3;18.2X75-D12, 18.2X75-D30, 18.1R3-S9, 18.2R3, 18.3R3, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11000",
"defect": [
"1372944"
],
"discovery": "USER"
},
"title": "Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot.",
"workarounds": [
{
"lang": "en",
"value": "Discontinue use of firewall policers.\nOr\nDiscontinue use of sFlow.\nOr\nBoth of the above. It is not required to discontinue both to mitigate the issue.\n\nThere are no other available workarounds."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T15:00:00.000Z",
"ID": "CVE-2020-1617",
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "PTX1000 and PTX10000 Series, QFX10000 Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"platform": "PTX1000 and PTX10000 Series, QFX10000 Series",
"version_affected": "\u003c=",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "PTX1000 and PTX10000 Series, QFX10000 Series",
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D30"
},
{
"platform": "PTX1000 and PTX10000 Series, QFX10000 Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"platform": "PTX1000 and PTX10000 Series, QFX10000 Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The corrupted memory initialization is restricted to the sFlow process.\nThe firewall policer provides the method for the exploitation to take place.\nDisabling either resolves the exploitation of this issue, but does not fix the underlying vulnerability.\n\nThe following minimal configuration is required for the issue to be seen: \n firewall policer\nand\n sflow"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. Continued inspection of these genuine packets will create an extended Denial of Service (DoS) condition. Depending on the method for service restoration, e.g. hard boot or soft reboot, a core file may or may not be generated the next time the packet is received and inspected by sFlow. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series. This issue is not applicable to Junos OS versions before 17.4R1. This issue is not applicable to Junos OS Evolved or Junos OS with Advanced Forwarding Toolkit (AFT) forwarding implementations which use a different implementation of sFlow. The following example information is unrelated to this issue and is provided solely to assist you with determining if you have AFT or not. Example: A Junos OS device which supports the use of EVPN signaled VPWS with Flexible Cross Connect uses the AFT implementation. Since this configuration requires support and use of the AFT implementation to support this configuration, the device is not vulnerable to this issue as the sFlow implementation is different using the AFT architecture. For further details about AFT visit the AFI / AFT are in the links below. If you are uncertain if you use the AFI/AFT implementation or not, there are configuration examples in the links below which you may use to determine if you are vulnerable to this issue or not. If the commands work, you are. If not, you are not. You may also use the Feature Explorer to determine if AFI/AFT is supported or not. If you are still uncertain, please contact your support resources."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11000",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11000"
},
{
"name": "https://github.com/Juniper/AFI",
"refsource": "MISC",
"url": "https://github.com/Juniper/AFI"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/example-configuring-vpws-service-with-evpn-signaling-mechanisms.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S9, 17.4R3;18.2X75-D12, 18.2X75-D30, 18.1R3-S9, 18.2R3, 18.3R3, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11000",
"defect": [
"1372944"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Discontinue use of firewall policers.\nOr\nDiscontinue use of sFlow.\nOr\nBoth of the above. It is not required to discontinue both to mitigate the issue.\n\nThere are no other available workarounds."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1617",
"datePublished": "2020-04-08T19:25:54.368Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:44.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1618 (GCVE-0-2020-1618)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 01:56
VLAI
EPSS
Title
Junos OS: EX and QFX Series: Console port authentication bypass vulnerability
Summary
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.
Severity
6.3 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11001 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
12.3
Affected: 14.1X53 , < 14.1X53-D53 (custom) Affected: 15.1 , < 15.1R7-S4 (custom) Affected: 15.1X53 , < 15.1X53-D593 (custom) Affected: 16.1 , < 16.1R7-S4 (custom) Affected: 17.1 , < 17.1R2-S11, 17.1R3-S1 (custom) Affected: 17.2 , < 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S6 (custom) Affected: 17.4 , < 17.4R2-S9, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S8 (custom) Affected: 18.2 , < 18.2R2 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2 (custom) |
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX and QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "12.3"
},
{
"lessThan": "14.1X53-D53",
"status": "affected",
"version": "14.1X53",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S4",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "15.1X53-D593",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S4",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S1",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S6",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: \u2022 At the first reboot after performing device factory reset using the command \u201crequest system zeroize\u201d; or \u2022 A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:25:54.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11001"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2, 18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11001",
"defect": [
"1378429",
"1368940"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: EX and QFX Series: Console port authentication bypass vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Limit physical access to the console port only to trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1618",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX and QFX Series: Console port authentication bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "14.1X53",
"version_value": "14.1X53-D53"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S4"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S4"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2"
},
{
"platform": "EX and QFX Series",
"version_affected": "!",
"version_value": "12.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: \u2022 At the first reboot after performing device factory reset using the command \u201crequest system zeroize\u201d; or \u2022 A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11001",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11001"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2, 18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11001",
"defect": [
"1378429",
"1368940"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit physical access to the console port only to trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1618",
"datePublished": "2020-04-08T19:25:54.845Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:56:26.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1619 (GCVE-0-2020-1619)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 02:27
VLAI
EPSS
Title
Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE.
Summary
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the "show vmhost status" is not supported, then the device does not have NG-RE with vmhost.
Severity
6 (Medium)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11002 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
16.1 , < 16.1R7-S6
(custom)
Affected: 16.2 , < 16.2R2-S11 (custom) Affected: 17.1 , < 17.1R2-S11, 17.1R3 (custom) Affected: 17.2 , < 17.2R1-S9, 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S7 (custom) Affected: 17.4 , < 17.4R2-S7, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S4 (custom) Affected: 18.2 , < 18.2R3 (custom) Affected: 18.2X75 , < 18.2X75-D50 (custom) Affected: 18.3 , < 18.3R2 (custom) Affected: 18.4 , < 18.4R2 (custom) |
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX10K Series, EX9200 Series, MX Series, PTX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R7-S6",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S11",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.2R2",
"status": "affected"
}
],
"lessThan": "17.2R1-S9, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S7, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S4",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D50",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: \u003e show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the \"show vmhost status\" is not supported, then the device does not have NG-RE with vmhost."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:25:55.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11002"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S7, 17.4R3, 18.1R3-S4, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11002",
"defect": [
"1398331"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1619",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S3"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003e=",
"version_name": "17.2",
"version_value": "17.2R2"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S7"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S7, 17.4R3"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S4"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D50"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2"
},
{
"platform": "QFX10K Series, EX9200 Series, MX Series, PTX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: \u003e show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the \"show vmhost status\" is not supported, then the device does not have NG-RE with vmhost."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11002",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11002"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S7, 17.4R3, 18.1R3-S4, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11002",
"defect": [
"1398331"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1619",
"datePublished": "2020-04-08T19:25:55.287Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:03.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1620 (GCVE-0-2020-1620)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 04:25
VLAI
EPSS
Title
Junos OS Evolved: Configd leaks hashes via log file and is world readable
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
Severity
5.5 (Medium)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.3R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406189"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Configd leaks hashes via log file and is world readable",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1620",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Configd leaks hashes via log file and is world readable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406189"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1620",
"datePublished": "2020-04-08T19:25:55.765Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:25:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1621 (GCVE-0-2020-1621)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 02:27
VLAI
EPSS
Title
Junos OS Evolved: Configd leaks hashes via stream and is world readable
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
Severity
5.5 (Medium)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.3R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406193"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Configd leaks hashes via stream and is world readable",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1621",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Configd leaks hashes via stream and is world readable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406193"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1621",
"datePublished": "2020-04-08T19:25:56.192Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:25.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1622 (GCVE-0-2020-1622)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-16 19:35
VLAI
EPSS
Title
Junos OS Evolved: EvoSharedObjStore may leak sensitive information
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
Severity
5.5 (Medium)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.1R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406195"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: EvoSharedObjStore may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1622",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: EvoSharedObjStore may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406195"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1622",
"datePublished": "2020-04-08T19:25:56.635Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:35:46.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1623 (GCVE-0-2020-1623)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-16 22:50
VLAI
EPSS
Title
Junos OS Evolved: ev.ops file may leak sensitive information
Summary
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1.
Severity
5.5 (Medium)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.2R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406191"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: ev.ops file may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1623",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: ev.ops file may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406191"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1623",
"datePublished": "2020-04-08T19:25:57.070Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:50:51.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1624 (GCVE-0-2020-1624)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 02:16
VLAI
EPSS
Title
Junos OS Evolved: objmon logs may leak sensitive information
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
Severity
5.5 (Medium)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.1R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406239"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: objmon logs may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1624",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: objmon logs may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406239"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1624",
"datePublished": "2020-04-08T19:25:57.553Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:16:29.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1625 (GCVE-0-2020-1625)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 01:10
VLAI
EPSS
Title
Junos OS: Kernel memory leak in virtual-memory due to interface flaps
Summary
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of "temp" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual-memory' command as shown below: user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1.
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11004 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
16.1 , < 16.1R7-S6
(custom)
Affected: 17.1 , < 17.1R2-S11, 17.1R3-S1 (custom) Affected: 17.2 , < 17.2R2-S8, 17.2R3-S3 (custom) Affected: 17.2X75 , < 17.2X75-D44 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S6 (custom) Affected: 17.4 , < 17.4R2-S5, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S7 (custom) Affected: 18.2 , < 18.2R2-S5, 18.2R3 (custom) Affected: 18.2X75 , < 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 (custom) Affected: 18.3 , < 18.3R1-S5, 18.3R2-S3, 18.3R3 (custom) Affected: 18.4 , < 18.4R2-S2, 18.4R3 (custom) Affected: 19.1 , < 19.1R1-S3, 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S3, 19.2R2 (custom) |
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R7-S6",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S1",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R2-S8, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.2X75-D44",
"status": "affected",
"version": "17.2X75",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S6",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S5, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S7",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S5, 18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S5, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S2, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S3, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S3, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Minimum configuration required:\n\n set interfaces irb"
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The kernel memory usage represented as \"temp\" via \u0027show system virtual-memory\u0027 may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of \"temp\" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the \u0027show system virtual-memory\u0027 command as shown below: user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11004"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.2X75-D44, 17.3R2-S5, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R2-S3, 18.3R3, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11004",
"defect": [
"1407000"
],
"discovery": "USER"
},
"title": "Junos OS: Kernel memory leak in virtual-memory due to interface flaps",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1625",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Kernel memory leak in virtual-memory due to interface flaps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.2X75",
"version_value": "17.2X75-D44"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S5, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S5, 18.2R3"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S5, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S2, 18.4R3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Minimum configuration required:\n\n set interfaces irb"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel memory usage represented as \"temp\" via \u0027show system virtual-memory\u0027 may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of \"temp\" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the \u0027show system virtual-memory\u0027 command as shown below: user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos\u003e show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11004",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11004"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.2X75-D44, 17.3R2-S5, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R2-S3, 18.3R3, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11004",
"defect": [
"1407000"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1625",
"datePublished": "2020-04-08T19:25:57.980Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:10:41.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1626 (GCVE-0-2020-1626)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 02:27
VLAI
EPSS
Title
Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets
Summary
A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO.
Severity
7.5 (High)
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tools.ietf.org/html/rfc6192 | x_refsource_MISC |
| https://kb.juniper.net/JSA11005 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
unspecified , < 19.1R1-EVO
(custom)
|
Date Public
2020-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11005"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, 19.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11005",
"defect": [
"1419130"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device to known TCP and UDP ports, and only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1626",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.ietf.org/html/rfc6192",
"refsource": "MISC",
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"name": "https://kb.juniper.net/JSA11005",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11005"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, 19.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11005",
"defect": [
"1419130"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device to known TCP and UDP ports, and only from trusted, administrative networks or hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1626",
"datePublished": "2020-04-08T19:25:58.416Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:03.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…