ID

VAR-202007-0718


CVE

CVE-2020-1643


TITLE

Juniper Networks Junos OS Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008312

DESCRIPTION

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process, causing a sustained Denial of Service.

Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example:

ARM (vulnerable):
% uname -a | awk '{print $NF}'
arm

PowerPC (not vulnerable):
% uname -a | awk '{print $NF}'
powerpc

AMD (not vulnerable):
% uname -a | awk '{print $NF}'
amd64

Intel (not vulnerable):
% uname -a | awk '{print $NF}'
i386

This issue affects Juniper Networks Junos OS:
12.3X48 versions prior to 12.3X48-D100;
14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54;
15.1 versions prior to 15.1R7-S7;
15.1X49 versions prior to 15.1X49-D210;
15.1X53 versions prior to 15.1X53-D593;
16.1 versions prior to 16.1R7-S8;
17.1 versions prior to 17.1R2-S12;
17.2 versions prior to 17.2R3-S4;
17.3 versions prior to 17.3R3-S8;
17.4 versions prior to 17.4R2-S2, 17.4R3;
18.1 versions prior to 18.1R3-S2;
18.2 versions prior to 18.2R2, 18.2R3;
18.2X75 versions prior to 18.2X75-D40;
18.3 versions prior to 18.3R1-S2, 18.3R2.

Juniper Networks Junos OS contains a vulnerability in the handling of exceptional conditions. The device may be put into a service operation interruption (DoS) state. Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK.

The following products and versions are affected: Juniper Networks Junos OS Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3

Trust: 1.71

sources: NVD: CVE-2020-1643 // JVNDB: JVNDB-2020-008312 // VULHUB: VHN-169507

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2x75

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008312 // NVD: CVE-2020-1643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1643
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1643
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008312
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-411
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169507
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1643
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008312
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169507
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1643
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008312
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169507 // JVNDB: JVNDB-2020-008312 // CNNVD: CNNVD-202007-411 // NVD: CVE-2020-1643 // NVD: CVE-2020-1643

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.9

sources: VULHUB: VHN-169507 // JVNDB: JVNDB-2020-008312 // NVD: CVE-2020-1643

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-411

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008312

PATCH

title: JSA11030, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11030&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124329

Trust: 0.6

sources: JVNDB: JVNDB-2020-008312 // CNNVD: CNNVD-202007-411

EXTERNAL IDS

db: NVD, id: CVE-2020-1643

Trust: 2.5

db: JUNIPER, id: JSA11030

Trust: 1.7

db: JVNDB, id: JVNDB-2020-008312

Trust: 0.8

db: CNNVD, id: CNNVD-202007-411

Trust: 0.7

db: AUSCERT, id: ESB-2020.2346

Trust: 0.6

db: VULHUB, id: VHN-169507

Trust: 0.1

sources: VULHUB: VHN-169507 // JVNDB: JVNDB-2020-008312 // CNNVD: CNNVD-202007-411 // NVD: CVE-2020-1643

REFERENCES

url:https://kb.juniper.net/jsa11030

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1643

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1643

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2346/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-show-ospf-interface-32770

Trust: 0.6

sources: VULHUB: VHN-169507 // JVNDB: JVNDB-2020-008312 // CNNVD: CNNVD-202007-411 // NVD: CVE-2020-1643

SOURCES

db: VULHUB, id: VHN-169507
db: JVNDB, id: JVNDB-2020-008312
db: CNNVD, id: CNNVD-202007-411
db: NVD, id: CVE-2020-1643

LAST UPDATE DATE

2024-11-23T22:16:25.770000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169507, date: 2020-07-24T00:00:00
db: JVNDB, id: JVNDB-2020-008312, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-411, date: 2020-07-27T00:00:00
db: NVD, id: CVE-2020-1643, date: 2024-11-21T05:11:03.930

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169507, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008312, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-411, date: 2020-07-09T00:00:00
db: NVD, id: CVE-2020-1643, date: 2020-07-17T19:15:12.780