Details of VAR-202001-1000

ID

VAR-202001-1000

CVE

CVE-2020-1600

TITLE

Juniper Networks Junos OS Vulnerabilities related to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2020-001428

DESCRIPTION

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to cause a denial of service (infinite loop and heavy CPU consumption). The following products and versions are affected: Juniper Networks Junos OS Release 12.3X48, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Version 18.2X75, Version 18.3, Version 18.4, Version 19.1, Version 19.2

Trust: 1.71

sources: NVD: CVE-2020-1600 // JVNDB: JVNDB-2020-001428 // VULHUB: VHN-169034

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2x75	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-001428 // NVD: CVE-2020-1600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1600
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1600
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-1600
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202001-298
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169034
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1600
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-169034
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1600
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-001428
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600 // NVD: CVE-2020-1600

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.9
problemtype:	CWE-835	Trust: 1.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // NVD: CVE-2020-1600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-298

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202001-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001428

PATCH

title:	JSA10979	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10979&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos OS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108385	Trust: 0.6

sources: JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1600	Trust: 2.5
db:	JUNIPER	id:	JSA10979	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-001428	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-298	Trust: 0.7
db:	JUNIPER	id:	JSA10980	Trust: 0.6
db:	JUNIPER	id:	JSA10985	Trust: 0.6
db:	JUNIPER	id:	JSA10982	Trust: 0.6
db:	JUNIPER	id:	JSA10986	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0082	Trust: 0.6
db:	VULHUB	id:	VHN-169034	Trust: 0.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600

REFERENCES

url:	https://kb.juniper.net/jsa10979	Trust: 1.7
url:	https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1402185	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1600	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1600	Trust: 0.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10986	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10985	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10982	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10980	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10979	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-infinite-loop-via-rpd-snmp-command-31274	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0082/	Trust: 0.6
url:	https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1402185	Trust: 0.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600

SOURCES

db:	VULHUB	id:	VHN-169034
db:	JVNDB	id:	JVNDB-2020-001428
db:	CNNVD	id:	CNNVD-202001-298
db:	NVD	id:	CVE-2020-1600

LAST UPDATE DATE

2024-08-14T14:04:00.360000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169034	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-001428	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-298	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-1600	date:	2021-09-14T13:21:46.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169034	date:	2020-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-001428	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-298	date:	2020-01-09T00:00:00
db:	NVD	id:	CVE-2020-1600	date:	2020-01-15T09:15:11.750