Details of VAR-202001-0994

ID

VAR-202001-0994

CVE

CVE-2020-1603

TITLE

Juniper Networks Junos OS Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001466

DESCRIPTION

Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1. Juniper Networks Junos OS Contains a buffer error vulnerability.Denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3, Release 18.4, Release 19.1, Release 19.2

Trust: 1.71

sources: NVD: CVE-2020-1603 // JVNDB: JVNDB-2020-001466 // VULHUB: VHN-169067

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1x70	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2x75	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-001466 // NVD: CVE-2020-1603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1603
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2020-1603
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-1603
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-302
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169067
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-1603
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-169067
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1603
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-001466
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169067 // JVNDB: JVNDB-2020-001466 // CNNVD: CNNVD-202001-302 // NVD: CVE-2020-1603 // NVD: CVE-2020-1603

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.1
problemtype:	CWE-710	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-772	Trust: 0.1

sources: VULHUB: VHN-169067 // JVNDB: JVNDB-2020-001466 // NVD: CVE-2020-1603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-302

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-302

PATCH

title:	JSA10982	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10982&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108389	Trust: 0.6

sources: JVNDB: JVNDB-2020-001466 // CNNVD: CNNVD-202001-302

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1603	Trust: 2.5
db:	JUNIPER	id:	JSA10982	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-001466	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-302	Trust: 0.7
db:	JUNIPER	id:	JSA10980	Trust: 0.6
db:	JUNIPER	id:	JSA10985	Trust: 0.6
db:	JUNIPER	id:	JSA10986	Trust: 0.6
db:	JUNIPER	id:	JSA10979	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0082	Trust: 0.6
db:	VULHUB	id:	VHN-169067	Trust: 0.1

sources: VULHUB: VHN-169067 // JVNDB: JVNDB-2020-001466 // CNNVD: CNNVD-202001-302 // NVD: CVE-2020-1603

REFERENCES

url:	https://kb.juniper.net/jsa10982	Trust: 1.7
url:	https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1443576	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1603	Trust: 1.4
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10986	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10985	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10982	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10980	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10979	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0082/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv6-31277	Trust: 0.6
url:	https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1443576	Trust: 0.1

sources: VULHUB: VHN-169067 // JVNDB: JVNDB-2020-001466 // CNNVD: CNNVD-202001-302 // NVD: CVE-2020-1603

SOURCES

db:	VULHUB	id:	VHN-169067
db:	JVNDB	id:	JVNDB-2020-001466
db:	CNNVD	id:	CNNVD-202001-302
db:	NVD	id:	CVE-2020-1603

LAST UPDATE DATE

2024-11-23T22:05:50.563000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169067	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-001466	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-302	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-1603	date:	2024-11-21T05:10:56.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169067	date:	2020-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-001466	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-302	date:	2020-01-09T00:00:00
db:	NVD	id:	CVE-2020-1603	date:	2020-01-15T09:15:12.093