ID

VAR-202001-1000


CVE

CVE-2020-1600


TITLE

Juniper Networks Junos OS Vulnerabilities related to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2020-001428

DESCRIPTION

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop, causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6.

This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Juniper Networks Junos OS contains a resource exhaustion vulnerability. The device may be put into a denial of service (DoS) state. Junos OS is the network operating system that Juniper Networks provides for its own hardware equipment. The operating system provides a secure programming interface and the Junos SDK. An attacker could exploit this vulnerability to cause a denial of service (infinite loop and heavy CPU consumption). The following products and versions are affected: Juniper Networks Junos OS Release 12.3X48, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Version 18.2X75, Version 18.3, Version 18.4, Version 19.1, Version 19.2.

Trust: 1.71

sources: NVD: CVE-2020-1600 // JVNDB: JVNDB-2020-001428 // VULHUB: VHN-169034

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 15.1x53

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 12.3x48

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1x49

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2x75

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.3

Trust: 1.0

vendor: juniper // model: junos os // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001428 // NVD: CVE-2020-1600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1600
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1600
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1600
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-298
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169034
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1600
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-169034
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1600
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-001428
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600 // NVD: CVE-2020-1600

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-835

Trust: 1.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // NVD: CVE-2020-1600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-298

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202001-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001428

PATCH

title: JSA10979 // url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10979&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108385

Trust: 0.6

sources: JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298

EXTERNAL IDS

db: NVD // id: CVE-2020-1600

Trust: 2.5

db: JUNIPER // id: JSA10979

Trust: 1.7

db: JVNDB // id: JVNDB-2020-001428

Trust: 0.8

db: CNNVD // id: CNNVD-202001-298

Trust: 0.7

db: JUNIPER // id: JSA10980

Trust: 0.6

db: JUNIPER // id: JSA10985

Trust: 0.6

db: JUNIPER // id: JSA10982

Trust: 0.6

db: JUNIPER // id: JSA10986

Trust: 0.6

db: AUSCERT // id: ESB-2020.0082

Trust: 0.6

db: VULHUB // id: VHN-169034

Trust: 0.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600

REFERENCES

url:https://kb.juniper.net/jsa10979

Trust: 1.7

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1402185

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1600

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1600

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10986

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10985

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10982

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10980

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10979

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-infinite-loop-via-rpd-snmp-command-31274

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0082/

Trust: 0.6

url:https://prsearch.juniper.net/infocenter/index?page=prcontent&id=pr1402185

Trust: 0.1

sources: VULHUB: VHN-169034 // JVNDB: JVNDB-2020-001428 // CNNVD: CNNVD-202001-298 // NVD: CVE-2020-1600

SOURCES

db: VULHUB // id: VHN-169034
db: JVNDB // id: JVNDB-2020-001428
db: CNNVD // id: CNNVD-202001-298
db: NVD // id: CVE-2020-1600

LAST UPDATE DATE

2024-08-14T14:04:00.360000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-169034 // date: 2021-09-14T00:00:00
db: JVNDB // id: JVNDB-2020-001428 // date: 2020-02-06T00:00:00
db: CNNVD // id: CNNVD-202001-298 // date: 2021-09-15T00:00:00
db: NVD // id: CVE-2020-1600 // date: 2021-09-14T13:21:46.983

SOURCES RELEASE DATE

db: VULHUB // id: VHN-169034 // date: 2020-01-15T00:00:00
db: JVNDB // id: JVNDB-2020-001428 // date: 2020-02-06T00:00:00
db: CNNVD // id: CNNVD-202001-298 // date: 2020-01-09T00:00:00
db: NVD // id: CVE-2020-1600 // date: 2020-01-15T09:15:11.750