ID

VAR-202004-0943


CVE

CVE-2020-1626


TITLE

Resource exhaustion vulnerability in Juniper Networks Junos OS Evolved

Trust: 0.8

sources: JVNDB: JVNDB-2020-004092

DESCRIPTION

A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process, causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all versions of Junos OS Evolved prior to 19.1R1-EVO. Juniper Networks Junos OS Evolved contains a resource exhaustion vulnerability. The device may be put into a denial-of-service (DoS) state. Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2020-1626 // JVNDB: JVNDB-2020-004092 // VULHUB: VHN-169320

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.1r1-evo

Trust: 0.8

sources: JVNDB: JVNDB-2020-004092 // NVD: CVE-2020-1626

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1626
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1626
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-521
value: HIGH

Trust: 0.6

VULHUB: VHN-169320
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1626
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169320
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1626
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004092
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169320 // JVNDB: JVNDB-2020-004092 // CNNVD: CNNVD-202004-521 // NVD: CVE-2020-1626 // NVD: CVE-2020-1626

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-169320 // JVNDB: JVNDB-2020-004092 // NVD: CVE-2020-1626

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-521

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-521

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004092

PATCH

title: JSA11005, url: https://kb.juniper.net/JSA11005

Trust: 0.8

title: Juniper Networks Junos OS Evolved Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113588

Trust: 0.6

sources: JVNDB: JVNDB-2020-004092 // CNNVD: CNNVD-202004-521

EXTERNAL IDS

db: NVD, id: CVE-2020-1626

Trust: 2.5

db: JUNIPER, id: JSA11005

Trust: 1.7

db: JVNDB, id: JVNDB-2020-004092

Trust: 0.8

db: CNNVD, id: CNNVD-202004-521

Trust: 0.7

db: CNVD, id: CNVD-2020-23010

Trust: 0.1

db: VULHUB, id: VHN-169320

Trust: 0.1

sources: VULHUB: VHN-169320 // JVNDB: JVNDB-2020-004092 // CNNVD: CNNVD-202004-521 // NVD: CVE-2020-1626

REFERENCES

url:https://kb.juniper.net/jsa11005

Trust: 1.7

url:https://tools.ietf.org/html/rfc6192

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1626

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1626

Trust: 0.8

url:https://kb.juniper.net/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-evolved-overload-via-high-rate-specific-packets-31970

Trust: 0.6

sources: VULHUB: VHN-169320 // JVNDB: JVNDB-2020-004092 // CNNVD: CNNVD-202004-521 // NVD: CVE-2020-1626

SOURCES

db: VULHUB, id: VHN-169320
db: JVNDB, id: JVNDB-2020-004092
db: CNNVD, id: CNNVD-202004-521
db: NVD, id: CVE-2020-1626

LAST UPDATE DATE

2024-08-14T14:32:14.445000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169320, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-004092, date: 2020-05-07T00:00:00
db: CNNVD, id: CNNVD-202004-521, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2020-1626, date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169320, date: 2020-04-08T00:00:00
db: JVNDB, id: JVNDB-2020-004092, date: 2020-05-07T00:00:00
db: CNNVD, id: CNNVD-202004-521, date: 2020-04-08T00:00:00
db: NVD, id: CVE-2020-1626, date: 2020-04-08T20:15:13.980