Details of VAR-202007-0717

ID

VAR-202007-0717

CVE

CVE-2020-1641

TITLE

Juniper Networks Junos OS Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008311

DESCRIPTION

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is " /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: " with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 12.3, Release 12.3X48, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, 18.2X75 version, 18.3 version, 18.4 version, 19.1 version

Trust: 1.71

sources: NVD: CVE-2020-1641 // JVNDB: JVNDB-2020-008311 // VULHUB: VHN-169485

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2x75	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-008311 // NVD: CVE-2020-1641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1641
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1641
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-008311
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202007-402
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-169485
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-1641
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008311
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-169485
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1641
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-008311
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169485 // JVNDB: JVNDB-2020-008311 // CNNVD: CNNVD-202007-402 // NVD: CVE-2020-1641 // NVD: CVE-2020-1641

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-169485 // JVNDB: JVNDB-2020-008311 // NVD: CVE-2020-1641

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-402

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-402

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008311

PATCH

title:	JSA11027	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11027&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos OS Repair measures for the competition condition problem loophole	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124327	Trust: 0.6

sources: JVNDB: JVNDB-2020-008311 // CNNVD: CNNVD-202007-402

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1641	Trust: 2.5
db:	JUNIPER	id:	JSA11027	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-008311	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-402	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2343	Trust: 0.6
db:	VULHUB	id:	VHN-169485	Trust: 0.1

sources: VULHUB: VHN-169485 // JVNDB: JVNDB-2020-008311 // CNNVD: CNNVD-202007-402 // NVD: CVE-2020-1641

REFERENCES

url:	https://kb.juniper.net/jsa11027	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1641	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1641	Trust: 0.8
url:	https://vigilance.fr/vulnerability/junos-os-memory-leak-via-lldp-32768	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2343/	Trust: 0.6

sources: VULHUB: VHN-169485 // JVNDB: JVNDB-2020-008311 // CNNVD: CNNVD-202007-402 // NVD: CVE-2020-1641

SOURCES

db:	VULHUB	id:	VHN-169485
db:	JVNDB	id:	JVNDB-2020-008311
db:	CNNVD	id:	CNNVD-202007-402
db:	NVD	id:	CVE-2020-1641

LAST UPDATE DATE

2024-08-14T15:01:48.644000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169485	date:	2021-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-008311	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-402	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-1641	date:	2021-07-23T19:02:10.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169485	date:	2020-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-008311	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-402	date:	2020-07-09T00:00:00
db:	NVD	id:	CVE-2020-1641	date:	2020-07-17T19:15:12.703