Sign-up

ID

VAR-202001-0995


CVE

CVE-2020-1605


TITLE

Juniper Networks Junos OS In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001432

DESCRIPTION

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. Juniper Networks Junos OS In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2020-1605 // JVNDB: JVNDB-2020-001432 // VULHUB: VHN-169089

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001432 // NVD: CVE-2020-1605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1605
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1605
value: HIGH

Trust: 1.0

NVD: CVE-2020-1605
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-304
value: HIGH

Trust: 0.6

VULHUB: VHN-169089
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-1605
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-169089
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-001432
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169089 // JVNDB: JVNDB-2020-001432 // CNNVD: CNNVD-202001-304 // NVD: CVE-2020-1605 // NVD: CVE-2020-1605

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-121

Trust: 1.0

sources: VULHUB: VHN-169089 // JVNDB: JVNDB-2020-001432 // NVD: CVE-2020-1605

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-304

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001432

PATCH
title:JSA10981url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos OS  and Junos OS Evolved Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108391
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001432 // 
            
            
            
            CNNVD: CNNVD-202001-304

EXTERNAL IDS
db:NVDid:CVE-2020-1605
Trust: 2.5
db:JUNIPERid:JSA10981
Trust: 1.7
db:JVNDBid:JVNDB-2020-001432
Trust: 0.8
db:CNNVDid:CNNVD-202001-304
Trust: 0.7
db:AUSCERTid:ESB-2020.0083
Trust: 0.6
db:CNVDid:CNVD-2020-13884
Trust: 0.1
db:VULHUBid:VHN-169089
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169089 // 
            
            
            
            JVNDB: JVNDB-2020-001432 // 
            
            
            
            CNNVD: CNNVD-202001-304 // 
            
            
            
            NVD: CVE-2020-1605

REFERENCES
url:https://kb.juniper.net/jsa10981
Trust: 1.7
url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1605
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1605
Trust: 0.8
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10981
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-three-vulnerabilities-via-jdhcpd-31276
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0083/
Trust: 0.6
url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169089 // 
            
            
            
            JVNDB: JVNDB-2020-001432 // 
            
            
            
            CNNVD: CNNVD-202001-304 // 
            
            
            
            NVD: CVE-2020-1605

SOURCES
db:VULHUBid:VHN-169089
db:JVNDBid:JVNDB-2020-001432
db:CNNVDid:CNNVD-202001-304
db:NVDid:CVE-2020-1605

LAST UPDATE DATE
2024-08-14T13:44:27.187000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-169089date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2020-001432date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-304date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1605date:2020-01-24T18:21:12.523

SOURCES RELEASE DATE
db:VULHUBid:VHN-169089date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2020-001432date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-304date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1605date:2020-01-15T09:15:12.327