ID

VAR-202007-0716


CVE

CVE-2020-1640


TITLE

Input verification vulnerability in Juniper Networks Junos OS

Trust: 0.8

sources: JVNDB: JVNDB-2020-008310

DESCRIPTION

An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either mode of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. This issue affects IPv4 and IPv6 traffic.
Juniper Networks Junos OS contains an input verification vulnerability. It may be put into a service operation interruption (DoS) state. Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3, Release 18.4, Release 19.1, Release 19.2, version 19.3, version 19.4, version 20.1

Trust: 1.71

sources: NVD: CVE-2020-1640 // JVNDB: JVNDB-2020-008310 // VULHUB: VHN-169474

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2x75

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008310 // NVD: CVE-2020-1640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1640
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1640
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008310
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-401
value: HIGH

Trust: 0.6

VULHUB: VHN-169474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1640
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008310
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1640
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008310
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169474 // JVNDB: JVNDB-2020-008310 // CNNVD: CNNVD-202007-401 // NVD: CVE-2020-1640 // NVD: CVE-2020-1640

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-1173

Trust: 1.0

sources: VULHUB: VHN-169474 // JVNDB: JVNDB-2020-008310 // NVD: CVE-2020-1640

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-401

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-401

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008310

PATCH

title: JSA11024, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11024&actp=METADATA

Trust: 0.8

title: Fix for the Juniper Networks Junos OS input verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124862

Trust: 0.6

sources: JVNDB: JVNDB-2020-008310 // CNNVD: CNNVD-202007-401

EXTERNAL IDS

db: NVD, id: CVE-2020-1640

Trust: 2.5

db: JUNIPER, id: JSA11024

Trust: 1.7

db: JVNDB, id: JVNDB-2020-008310

Trust: 0.8

db: CNNVD, id: CNNVD-202007-401

Trust: 0.7

db: AUSCERT, id: ESB-2020.2341

Trust: 0.6

db: CNVD, id: CNVD-2020-51514

Trust: 0.1

db: VULHUB, id: VHN-169474

Trust: 0.1

sources: VULHUB: VHN-169474 // JVNDB: JVNDB-2020-008310 // CNNVD: CNNVD-202007-401 // NVD: CVE-2020-1640

REFERENCES

url:https://kb.juniper.net/jsa11024

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1640

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-160

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-bgp-32767

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2341/

Trust: 0.6

sources: VULHUB: VHN-169474 // JVNDB: JVNDB-2020-008310 // CNNVD: CNNVD-202007-401 // NVD: CVE-2020-1640

SOURCES

db: VULHUB, id: VHN-169474
db: JVNDB, id: JVNDB-2020-008310
db: CNNVD, id: CNNVD-202007-401
db: NVD, id: CVE-2020-1640

LAST UPDATE DATE

2024-08-14T14:25:41.703000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169474, date: 2020-07-24T00:00:00
db: JVNDB, id: JVNDB-2020-008310, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-401, date: 2020-07-27T00:00:00
db: NVD, id: CVE-2020-1640, date: 2020-07-24T15:09:45.657

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169474, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008310, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-401, date: 2020-07-09T00:00:00
db: NVD, id: CVE-2020-1640, date: 2020-07-17T19:15:12.610