Sign-up

ID

VAR-202001-0993


CVE

CVE-2020-1602


TITLE

Juniper Networks Junos OS In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001430

DESCRIPTION

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. Juniper Networks Junos OS In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3, Release 18.4 Version, version 19.1, version 19.2, version 19.3; versions before Junos OS Evolved 19.3R1

Trust: 1.71

sources: NVD: CVE-2020-1602 // JVNDB: JVNDB-2020-001430 // VULHUB: VHN-169056

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001430 // CNNVD: CNNVD-202001-300 // NVD: CVE-2020-1602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1602
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1602
value: HIGH

Trust: 1.0

NVD: CVE-2020-1602
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-300
value: HIGH

Trust: 0.6

VULHUB: VHN-169056
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-1602
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-169056
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1602
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2020-1602
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-1602
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169056 // JVNDB: JVNDB-2020-001430 // CNNVD: CNNVD-202001-300 // NVD: CVE-2020-1602 // NVD: CVE-2020-1602

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-416

Trust: 1.0

sources: VULHUB: VHN-169056 // JVNDB: JVNDB-2020-001430 // NVD: CVE-2020-1602

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202001-300

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001430

PATCH
title:JSA10981url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos OS  and Junos OS Evolved Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108387
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001430 // 
            
            
            
            CNNVD: CNNVD-202001-300

EXTERNAL IDS
db:NVDid:CVE-2020-1602
Trust: 2.5
db:JUNIPERid:JSA10981
Trust: 1.7
db:JVNDBid:JVNDB-2020-001430
Trust: 0.8
db:CNNVDid:CNNVD-202001-300
Trust: 0.7
db:AUSCERTid:ESB-2020.0083
Trust: 0.6
db:CNVDid:CNVD-2020-29640
Trust: 0.1
db:VULHUBid:VHN-169056
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169056 // 
            
            
            
            JVNDB: JVNDB-2020-001430 // 
            
            
            
            CNNVD: CNNVD-202001-300 // 
            
            
            
            NVD: CVE-2020-1602

REFERENCES
url:https://kb.juniper.net/jsa10981
Trust: 1.7
url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1602
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1602
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10981
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-three-vulnerabilities-via-jdhcpd-31276
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0083/
Trust: 0.6
url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169056 // 
            
            
            
            JVNDB: JVNDB-2020-001430 // 
            
            
            
            CNNVD: CNNVD-202001-300 // 
            
            
            
            NVD: CVE-2020-1602

SOURCES
db:VULHUBid:VHN-169056
db:JVNDBid:JVNDB-2020-001430
db:CNNVDid:CNNVD-202001-300
db:NVDid:CVE-2020-1602

LAST UPDATE DATE
2024-08-14T13:44:27.213000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-169056date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2020-001430date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-300date:2020-01-17T00:00:00
db:NVDid:CVE-2020-1602date:2020-01-24T15:06:08.633

SOURCES RELEASE DATE
db:VULHUBid:VHN-169056date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2020-001430date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-300date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1602date:2020-01-15T09:15:12