ID

VAR-202001-0999


CVE

CVE-2020-1609


TITLE

Juniper Networks Junos OS In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001385

DESCRIPTION

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. Juniper Networks Junos OS In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2020-1609 // JVNDB: JVNDB-2020-001385 // VULHUB: VHN-169133

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001385 // NVD: CVE-2020-1609

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1609
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1609
value: HIGH

Trust: 1.0

NVD: CVE-2020-1609
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-306
value: HIGH

Trust: 0.6

VULHUB: VHN-169133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-1609
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-169133
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1609
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-001385
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169133 // JVNDB: JVNDB-2020-001385 // CNNVD: CNNVD-202001-306 // NVD: CVE-2020-1609 // NVD: CVE-2020-1609

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-121

Trust: 1.0

sources: VULHUB: VHN-169133 // JVNDB: JVNDB-2020-001385 // NVD: CVE-2020-1609

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001385

PATCH

title:JSA10981url:https://kb.juniper.net/JSA10981

Trust: 0.8

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108393

Trust: 0.6

sources: JVNDB: JVNDB-2020-001385 // CNNVD: CNNVD-202001-306

EXTERNAL IDS

db:NVDid:CVE-2020-1609

Trust: 2.5

db:JUNIPERid:JSA10981

Trust: 1.7

db:JVNDBid:JVNDB-2020-001385

Trust: 0.8

db:CNNVDid:CNNVD-202001-306

Trust: 0.7

db:AUSCERTid:ESB-2020.0083

Trust: 0.6

db:CNVDid:CNVD-2020-13879

Trust: 0.1

db:VULHUBid:VHN-169133

Trust: 0.1

sources: VULHUB: VHN-169133 // JVNDB: JVNDB-2020-001385 // CNNVD: CNNVD-202001-306 // NVD: CVE-2020-1609

REFERENCES

url:https://kb.juniper.net/jsa10981

Trust: 1.7

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1609

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1609

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10981

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-three-vulnerabilities-via-jdhcpd-31276

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0083/

Trust: 0.6

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1449353

Trust: 0.1

sources: VULHUB: VHN-169133 // JVNDB: JVNDB-2020-001385 // CNNVD: CNNVD-202001-306 // NVD: CVE-2020-1609

SOURCES

db:VULHUBid:VHN-169133
db:JVNDBid:JVNDB-2020-001385
db:CNNVDid:CNNVD-202001-306
db:NVDid:CVE-2020-1609

LAST UPDATE DATE

2024-08-14T13:44:27.241000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169133date:2020-01-22T00:00:00
db:JVNDBid:JVNDB-2020-001385date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-306date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1609date:2020-01-22T19:20:19.660

SOURCES RELEASE DATE

db:VULHUBid:VHN-169133date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2020-001385date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-306date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1609date:2020-01-15T09:15:12.733