ID

VAR-202004-0952


CVE

CVE-2020-1639


TITLE

Juniper Networks Junos OS Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003944

DESCRIPTION

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67. Juniper Networks Junos OS Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.71

sources: NVD: CVE-2020-1639 // JVNDB: JVNDB-2020-003944 // VULHUB: VHN-169463

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x50

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-003944 // NVD: CVE-2020-1639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1639
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1639
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003944
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-532
value: HIGH

Trust: 0.6

VULHUB: VHN-169463
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1639
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003944
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169463
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1639
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-003944
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169463 // JVNDB: JVNDB-2020-003944 // CNNVD: CNNVD-202004-532 // NVD: CVE-2020-1639 // NVD: CVE-2020-1639

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.9

problemtype:CWE-703

Trust: 1.0

sources: VULHUB: VHN-169463 // JVNDB: JVNDB-2020-003944 // NVD: CVE-2020-1639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-532

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003944

PATCH

title:JSA11020url:https://kb.juniper.net/JSA11020

Trust: 0.8

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115734

Trust: 0.6

sources: JVNDB: JVNDB-2020-003944 // CNNVD: CNNVD-202004-532

EXTERNAL IDS

db:NVDid:CVE-2020-1639

Trust: 2.5

db:JVNDBid:JVNDB-2020-003944

Trust: 0.8

db:CNNVDid:CNNVD-202004-532

Trust: 0.7

db:NSFOCUSid:46358

Trust: 0.6

db:CNVDid:CNVD-2020-33719

Trust: 0.1

db:VULHUBid:VHN-169463

Trust: 0.1

sources: VULHUB: VHN-169463 // JVNDB: JVNDB-2020-003944 // CNNVD: CNNVD-202004-532 // NVD: CVE-2020-1639

REFERENCES

url:https://kb.juniper.net/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1639

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1639

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ethernet-oam-31980

Trust: 0.6

url:http://www.nsfocus.net/vulndb/46358

Trust: 0.6

sources: VULHUB: VHN-169463 // JVNDB: JVNDB-2020-003944 // CNNVD: CNNVD-202004-532 // NVD: CVE-2020-1639

SOURCES

db:VULHUBid:VHN-169463
db:JVNDBid:JVNDB-2020-003944
db:CNNVDid:CNNVD-202004-532
db:NVDid:CVE-2020-1639

LAST UPDATE DATE

2024-11-23T22:58:18.996000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169463date:2022-10-21T00:00:00
db:JVNDBid:JVNDB-2020-003944date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-532date:2020-04-14T00:00:00
db:NVDid:CVE-2020-1639date:2024-11-21T05:11:03.443

SOURCES RELEASE DATE

db:VULHUBid:VHN-169463date:2020-04-08T00:00:00
db:JVNDBid:JVNDB-2020-003944date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-532date:2020-04-08T00:00:00
db:NVDid:CVE-2020-1639date:2020-04-08T20:15:14.527