ID

VAR-202001-0992


CVE

CVE-2020-1601


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001429

DESCRIPTION

Certain types of malformed Path Computation Element Protocol (PCEP) packets, when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process, allow an attacker to cause the pccd process to crash and generate a core file, thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.

This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1.

Juniper Networks Junos OS contains an input validation vulnerability. A denial of service (DoS) condition may result.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3, Release 18.4.

Trust: 1.71

sources: NVD: CVE-2020-1601 // JVNDB: JVNDB-2020-001429 // VULHUB: VHN-169045

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 15.1x53

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1x49

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2x75

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.3

Trust: 1.0

vendor: juniper // model: junos os // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001429 // NVD: CVE-2020-1601

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-1601
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1601
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1601
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-299
value: HIGH

Trust: 0.6

VULHUB: VHN-169045
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-1601
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-169045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-1601
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2020-1601
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-1601
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169045 // JVNDB: JVNDB-2020-001429 // CNNVD: CNNVD-202001-299 // NVD: CVE-2020-1601 // NVD: CVE-2020-1601

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-169045 // JVNDB: JVNDB-2020-001429 // NVD: CVE-2020-1601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-299

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-299

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001429

PATCH

title: JSA10980 // url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10980&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108386

Trust: 0.6

sources: JVNDB: JVNDB-2020-001429 // CNNVD: CNNVD-202001-299

EXTERNAL IDS

db: NVD // id: CVE-2020-1601

Trust: 2.5

db: JUNIPER // id: JSA10980

Trust: 1.7

db: JVNDB // id: JVNDB-2020-001429

Trust: 0.8

db: CNNVD // id: CNNVD-202001-299

Trust: 0.7

db: JUNIPER // id: JSA10985

Trust: 0.6

db: JUNIPER // id: JSA10982

Trust: 0.6

db: JUNIPER // id: JSA10986

Trust: 0.6

db: JUNIPER // id: JSA10979

Trust: 0.6

db: AUSCERT // id: ESB-2020.0082

Trust: 0.6

db: VULHUB // id: VHN-169045

Trust: 0.1

sources: VULHUB: VHN-169045 // JVNDB: JVNDB-2020-001429 // CNNVD: CNNVD-202001-299 // NVD: CVE-2020-1601

REFERENCES

url:https://kb.juniper.net/jsa10980

Trust: 1.7

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1395205

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1601

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1601

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10986

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10985

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10982

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10980

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10979

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0082/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-pcep-31275

Trust: 0.6

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1395205

Trust: 0.1

sources: VULHUB: VHN-169045 // JVNDB: JVNDB-2020-001429 // CNNVD: CNNVD-202001-299 // NVD: CVE-2020-1601

SOURCES

db: VULHUB // id: VHN-169045
db: JVNDB // id: JVNDB-2020-001429
db: CNNVD // id: CNNVD-202001-299
db: NVD // id: CVE-2020-1601

LAST UPDATE DATE

2024-08-14T14:04:00.392000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-169045 // date: 2021-07-21T00:00:00
db: JVNDB // id: JVNDB-2020-001429 // date: 2020-02-06T00:00:00
db: CNNVD // id: CNNVD-202001-299 // date: 2021-07-26T00:00:00
db: NVD // id: CVE-2020-1601 // date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: VULHUB // id: VHN-169045 // date: 2020-01-15T00:00:00
db: JVNDB // id: JVNDB-2020-001429 // date: 2020-02-06T00:00:00
db: CNNVD // id: CNNVD-202001-299 // date: 2020-01-09T00:00:00
db: NVD // id: CVE-2020-1601 // date: 2020-01-15T09:15:11.873