ID

VAR-202007-0720


CVE

CVE-2020-1645


TITLE

Juniper Networks Junos OS Vulnerability regarding input verification in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008314

DESCRIPTION

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards: MS-PIC, MS-MIC or MS-MPC, the Multiservices PIC Management Daemon (mspmand) process, which is responsible for managing the "URL Filtering service", may crash while processing an incoming stream of packets, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services, including the DNS filtering service (DNS sink holing), will be bypassed until the Services PIC completes its boot process.

If the issue occurs, the system core-dumps output will show a crash of the mspmand process:

    root@device> show system core-dumps
    -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz

This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2.

Juniper Networks Junos OS contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The operating system provides a secure programming interface and Junos SDK

Trust: 1.8

sources: NVD: CVE-2020-1645 // JVNDB: JVNDB-2020-008314 // VULHUB: VHN-169529 // VULMON: CVE-2020-1645

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008314 // NVD: CVE-2020-1645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1645
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1645
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008314
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-409
value: HIGH

Trust: 0.6

VULHUB: VHN-169529
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1645
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008314
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169529
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1645
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.7
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008314
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169529 // VULMON: CVE-2020-1645 // JVNDB: JVNDB-2020-008314 // CNNVD: CNNVD-202007-409 // NVD: CVE-2020-1645 // NVD: CVE-2020-1645

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-169529 // JVNDB: JVNDB-2020-008314 // NVD: CVE-2020-1645

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-409

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-409

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008314

PATCH

title: JSA11028
url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11028&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124863

Trust: 0.6

sources: JVNDB: JVNDB-2020-008314 // CNNVD: CNNVD-202007-409

EXTERNAL IDS

db: NVD, id: CVE-2020-1645

Trust: 2.6

db: JUNIPER, id: JSA11028

Trust: 1.8

db: JVNDB, id: JVNDB-2020-008314

Trust: 0.8

db: CNNVD, id: CNNVD-202007-409

Trust: 0.7

db: AUSCERT, id: ESB-2020.2345

Trust: 0.6

db: CNVD, id: CNVD-2020-50488

Trust: 0.1

db: VULHUB, id: VHN-169529

Trust: 0.1

db: VULMON, id: CVE-2020-1645

Trust: 0.1

sources: VULHUB: VHN-169529 // VULMON: CVE-2020-1645 // JVNDB: JVNDB-2020-008314 // CNNVD: CNNVD-202007-409 // NVD: CVE-2020-1645

REFERENCES

url:https://kb.juniper.net/jsa11028

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1645

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1645

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-mx-denial-of-service-via-services-card-dns-filtering-32769

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2345/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-169529 // VULMON: CVE-2020-1645 // JVNDB: JVNDB-2020-008314 // CNNVD: CNNVD-202007-409 // NVD: CVE-2020-1645

SOURCES

db: VULHUB, id: VHN-169529
db: VULMON, id: CVE-2020-1645
db: JVNDB, id: JVNDB-2020-008314
db: CNNVD, id: CNNVD-202007-409
db: NVD, id: CVE-2020-1645

LAST UPDATE DATE

2024-08-14T15:07:10.033000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169529, date: 2022-01-01T00:00:00
db: VULMON, id: CVE-2020-1645, date: 2022-01-01T00:00:00
db: JVNDB, id: JVNDB-2020-008314, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-409, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1645, date: 2022-01-01T17:34:28.593

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169529, date: 2020-07-17T00:00:00
db: VULMON, id: CVE-2020-1645, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008314, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-409, date: 2020-07-09T00:00:00
db: NVD, id: CVE-2020-1645, date: 2020-07-17T19:15:12.970