Sign-up

ID

VAR-202004-2192


CVE

CVE-2020-1613


TITLE

Juniper Networks Junos OS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003951

DESCRIPTION

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20. Juniper Networks Junos OS There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 12.3, Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1F, Release 15.1X49, Release 15.1X53, Release 16.1, Release 17.1, Release 17.2, Release 17.2X75, Version 17.3, Version 17.4, Version 18.1, Version 18.2X75

Trust: 1.71

sources: NVD: CVE-2020-1613 // JVNDB: JVNDB-2020-003951 // VULHUB: VHN-169177

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53-d58

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d57

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d59

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d52

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d55

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d50

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75-d10

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53-d51

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-003951 // NVD: CVE-2020-1613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1613
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1613
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003951
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-503
value: HIGH

Trust: 0.6

VULHUB: VHN-169177
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1613
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003951
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169177
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1613
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2020-1613
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003951
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169177 // JVNDB: JVNDB-2020-003951 // CNNVD: CNNVD-202004-503 // NVD: CVE-2020-1613 // NVD: CVE-2020-1613

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-710

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-169177 // JVNDB: JVNDB-2020-003951 // NVD: CVE-2020-1613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-503

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-503

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003951

PATCH
title:JSA10996url:https://kb.juniper.net/JSA10996
Trust: 0.8
title:Juniper Networks Junos OS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115705
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003951 // 
            
            
            
            CNNVD: CNNVD-202004-503

EXTERNAL IDS
db:NVDid:CVE-2020-1613
Trust: 2.5
db:JUNIPERid:JSA10996
Trust: 1.7
db:JVNDBid:JVNDB-2020-003951
Trust: 0.8
db:CNNVDid:CNNVD-202004-503
Trust: 0.7
db:AUSCERTid:ESB-2020.1271
Trust: 0.6
db:CNVDid:CNVD-2020-22958
Trust: 0.1
db:VULHUBid:VHN-169177
Trust: 0.1
sources:
            
            
            VULHUB: VHN-169177 // 
            
            
            
            JVNDB: JVNDB-2020-003951 // 
            
            
            
            CNNVD: CNNVD-202004-503 // 
            
            
            
            NVD: CVE-2020-1613

REFERENCES
url:https://kb.juniper.net/jsa10996
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-1613
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1613
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1271/
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-bgp-flowspec-31964
Trust: 0.6
sources:
            
            
            VULHUB: VHN-169177 // 
            
            
            
            JVNDB: JVNDB-2020-003951 // 
            
            
            
            CNNVD: CNNVD-202004-503 // 
            
            
            
            NVD: CVE-2020-1613

SOURCES
db:VULHUBid:VHN-169177
db:JVNDBid:JVNDB-2020-003951
db:CNNVDid:CNNVD-202004-503
db:NVDid:CVE-2020-1613

LAST UPDATE DATE
2024-11-23T19:43:21.679000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-169177date:2021-11-18T00:00:00
db:JVNDBid:JVNDB-2020-003951date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-503date:2021-11-23T00:00:00
db:NVDid:CVE-2020-1613date:2024-11-21T05:10:57.927

SOURCES RELEASE DATE
db:VULHUBid:VHN-169177date:2020-04-08T00:00:00
db:JVNDBid:JVNDB-2020-003951date:2020-04-30T00:00:00
db:CNNVDid:CNNVD-202004-503date:2020-04-08T00:00:00
db:NVDid:CVE-2020-1613date:2020-04-08T20:15:13.043